Non-profit Oxfam Australia has confirmed a data breach that exposed the personal data of its supporters.

Compromised personal data includes names, addresses, dates of birth, emails, phone numbers and gender. In some cases, donation history and partial credit card data were exposed. No passwords were compromised.

The breach came to light after news site Bleeping Computer discovered the charity’s stolen database up for sale on an underground hacking forum.

According to Bleeping Computer, the stolen database contained the contact and donor information of 1.7 million people. However, the charity has not confirmed the number of affected people.

The unauthorised access took place on 20 January 2021 and Oxfam Australia began notifying affected supporters on 4 February.

The charity said it launched an investigation into the incident on 27 January after being notified by Bleeping Computer.


In a statement, Oxfam Australia CEO Lyn Morgain said: “Throughout the course of the investigation, we have communicated quickly and openly with our supporters, while also complying with regulatory requirements. We contacted all our supporters early last month to alert them to a suspected incident, which has now been confirmed.”

She added: “Oxfam supporters are at the heart of our organisation and their confidence is critical to our ongoing work in tackling the inequality that causes poverty around the world.

“We sincerely regret this incident has occurred.”

Oxfam said it has contacted the relevant authorities, including the Australian Cyber Security Centre and Office of the Australian Information Commissioner.

The non-profit and cybersecurity experts warned of an increased risk of phishing attacks and scams for those caught up in the Oxfam Australia data breach.

“Charities can often attract unwanted attention as they can be seen as soft targets where data protection may not be their forte,” said Jake Moore, cybersecurity specialist at internet security firm ESET.

“However, if personal information or even financial information is stored on a website then it must be treated with the utmost protection. Sensitive data such as this leaked into dark web forums can have damaging consequences and potentially lead to follow-on phishing emails which potential victims need to be mindful of.”

