Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Australian Cancer Research Foundation informs donors of ‘data security incident’

The ACRF has contacted its donors after detecting unauthorised access to its network and email inboxes that may have exposed personal information.

user icon David Hollingworth
Mon, 02 Sep 2024
Exclusive: Australian Cancer Research Foundation informs donors of ‘data security incident’
expand image

The Australian Cancer Research Foundation (ACRF) sent an email to its donors late on Friday afternoon, 30 August, warning them of a “data security incident”.

According to the email, shared with Cyber Daily by an ACRF donor, a malicious actor was able to access the charity’s network via a compromised email account.

“Regrettably, ACRF received a fraudulent email from someone known to us who had themselves also been the victim of unauthorised activity. This allowed the unauthorised third party to gain temporary access to our network, including access to the email inboxes of a few of our employees,” the email – attributed to ACRF’s CEO Kerry Strydom – said.

============
============

“This issue has since been rectified. However, given the possibility that personal information about you was contained within those email inboxes and may have been accessed in an unauthorised manner, we are sending you this notice.”

The personal information that may have been compromised includes contact details and donor IDs, payment histories and details of donations, including BPay IDs, and any other personal information shared with the charity via email, such as “personal experiences or stories, and/or health information, either about you or your loved ones that you have shared with us”.

It’s also possible that bank and credit card details were compromised.

“If you provided credit card or bank account details to us in writing prior to 2023 (i.e. by filling out a form or sending us an email), that information could be affected,” the ACRF said.

“Based on our investigations, any credit card and bank account details used to make donations via our payment gateway/donor portal were not compromised as part of this incident.”

The ACRF said it has engaged cyber security professionals to assist in its response. The Office of the Australian Information Commissioner, the NSW Police, and the Australian Cyber Security Centre have also been informed.

So far, as far as the ACRF is aware, the impacted data does not appear to have been published online, and it is monitoring both the deep and dark web in case the data is shared.

The ACRF was founded in 1984 and, since then, has awarded over 80 research grants worth more than $184 million to 44 Australian research institutions.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.