Australia's Children charity The Smith Family hit by Cyberattack
After Optus, and Medibank data breaches, children's charity The Smith Family has become the latest fallen victim to a cyberattack, with donors’ personal information potentially compromised during an attempt to steal.
CEO Dough Taylor said in a media statement, the incident involved a Smith Family team member’s email account being temporarily accessed by an unauthorised third party.
“Upon discovery of this incident, we promptly acted and the attempts were unsuccessful. Following this, we immediately took steps to secure our systems. We then commenced an investigation of the incident and engaged specialist cyber security experts to understand what happened. We have also taken steps to further strengthen our systems.” said Taylor.
It said an investigation revealed that during the attempt to steal the charity funds, personal information about some individuals may have been accessed.
He also said the personal information of supporters might have been accessed through a combination of names, addresses, phone numbers, email addresses and donation records.
“We can confirm for those with potential credit or debit card details accessed, no middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems”, He said.
The charity recommended that affected people be extra vigilant to scams via phone and email and encouraged people to change their email passwords.
“We apologise for any concern or stress that this incident may have caused. We’re contacting every single donor and sponsor today about the incident, whether your information has been accessed or not. We take data privacy very seriously and we understand the importance that you place on your personal information “ Taylor added.
The Smith Family also does not request, collect or hold personal identity documents such as passports or driver’s licences of our supporters, as these are not required to process their generous donations.
“While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams,” Taylor said.
The Smith Family are also contacting individuals whose personal information was not accessed and who are not directly affected by this incident as they want to communicate transparently to their supporters.
The Smith Family said it had engaged cyber security experts and further strengthened its systems and they also notified The Australian Cyber Security Centre (ACSC) and Office of the Australian Information Commissioner (OAIC)
Supporters seeking more information about this incident and how they may have been affected can send an email to support@thesmithfamily.com.au. Students or families who