Not even charities are safe anymore: Hackers target The Smith Family with credit card details and phone numbers stolen in the cyber attack
- Smith Family hack follows high profile cyber attacks on Optus and Medibank
- Phone numbers and credit card data was stolen in the latest brazen attack
- Employee’s email account was accessed by an unauthorised party in the hack
The Smith Family children’s charity is the latest Australian target of hackers, following high profile cyber attacks on Optus and Medibank.
Phone numbers and credit card data belonging to its supporters was stolen in the latest brazen attack, The Smith Family confirmed on Tuesday.
CEO Doug Taylor said an employee’s email account was accessed by an ‘unauthorised party’ in a bid to rort the charity.
‘The Smith Family recently experienced a cyber incident where attempts were made to steal The Smith Family funds,’ Mr Taylor said in a statement.
The Smith Family charity (donation bin pictured) has been hacked in a cyber attack
‘We promptly acted and the attempts were unsuccessful. We immediately took steps to secure our systems.’
Mr Taylor said the organisation had started ‘an investigation of the incident and engaged specialist cyber security experts to understand what happened.
‘We have also taken steps to further strengthen our systems.’
The CEO confirmed that names, phone numbers and the first and last four digits of credit and debit cards used to donate may have been stolen in the cyber attack.
Email addresses and the amounts people donated may could also be comprimised.
Mr Taylor said he ‘can confirm no middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems’.
‘The Smith Family also does not request, collect or hold personal identity documents such as passports or drivers’ licences of our supporters, as these are not required to process their generous donations.’
The hack of The Smith Family followed cyber attacks on Optus and Medibank. Pictured is a stock image of a hacker
He said the stolen data cannot, in itself, be used to buy good and services fraudulently.
‘While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams,’ Mr Taylor said.
The recent attacks on telecommunications company Optus and private health insurer Medibank have led to calls for tougher penalties on organisations subjected to repeated or serious privacy breaches.