Share this article on:
The Smith Family, a charity that specialises in providing for disadvantaged children, has become the latest target of cyber crime in Australia.
According to recent media reports, the hacker attempted to steal money from the charity and may have accessed personal records of donors.
“The Smith Family recently experienced a cyber incident where attempts were made to steal The Smith Family funds. We promptly acted and the attempts were unsuccessful,” said The Smith Family chief executive Doug Taylor.
“We immediately took steps to secure our systems. We then commenced an investigation of the incident and engaged specialist cyber security experts to understand what happened. We have also taken steps to further strengthen our systems.”
According to the statement, a third party gained access to a team member’s email account before trying to steal money from the organisation.
While no money was stolen, the hacker may have accessed donor details such as names, addresses, phone numbers, email, records of donation, and in some cases, the first and last four digits on the credit or debit card used to donate.
However, the charity did confirm that no other credit card details were stolen.
“The Smith Family can confirm no middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems.
“The Smith Family also does not request, collect or hold personal identity documents such as passports or drivers’ licenses of our supporters, as these are not required to process their generous donations.”
The Smith Family has said that there is currently no evidence to suggest that any of the data has been misused in any way, and that the data that has been released cannot be used alone for fraud.
“While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams.
“We thank our donors and sponsors for their ongoing support and understanding.
“We remain committed to the delivery of The Smith Family programs to support the education of young Australians in need.”
The attack on The Smith Family is just another in a flurry of cyber crime on Australian institutions, following major attacks on Optus and Medibank.
A review of the Privacy Act by Attorney-General Mark Dreyfus hopes to up the penalty of major breaches for businesses from $2.2 million to the highest of:
“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Attorney-General Dreyfus said.
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”