A non-profit organization, Oxfam Australia, confirmed Tuesday, March 2, 2021, that it had suffered from a data breach. Following the cybersecurity incident, the company said that around 1.7 million supporters’ information has been compromised after a database was leaked online.
Oxfam Australia is a charitable institution that gears its efforts towards providing relief to underserved and impoverished communities in various parts of the globe, with a particular focus on different areas in Africa, Asia, and the Middle East. According to Bleeping Computer, there are a total of twenty charities that operate under the company.
Bleeping Computer first discovered the data security incident after coming across a stolen database on an underground hacking forum. Based on the findings of the researchers, the Oxfam Australia database was being sold on the said platform.
After finding the database, Bleeping Computer said that it immediately notified the company about the sale of the said database. The news site said that the non-profit organization launched an investigation to gain further insight surrounding the attack.
The company also issued a statement to the public saying, “Following an independent IT forensic investigation, Oxfam Australia announced today that it has found supporters’ information on one of its databases was unlawfully accessed by an external party on 20 January 2021.”
Among the information made vulnerable from the sale of the database include names of supporters. In addition, the email addresses, phone numbers, home addresses, gender, dates of birth, and donation amounts have also been revealed.
In some cases, ZD Net states that partial credit card information has also been revealed. This means that the threat actor may have gained access not only to partial credit card numbers but also to bank names and account numbers.
After launching an investigation, the organization maintains that passwords remain secure and unaffected by the security incident. However, Bleeping Computer states affected individuals, as well as supporters and donors of the site, are still urged to change their passwords for their protection.
In a statement by the chief executive officer of Oxfam Australia Lyn Morgain, she said that the company has “contacted all our supporters early last month to alert them to a suspected incident, which has now been confirmed.”
The chief executive also continued to say, “Oxfam supporters are at the heart of our organization and their confidence is critical to our ongoing work in tackling the inequality that causes poverty around the world. We sincerely regret this incident has occurred.”