The Smith Family targeted: crooks steal payment details from Australian children's charity

Updated on: 23 November 2022

Anna Zhadan
Contributor

The Smith Family has become the latest target in a series of high-profile cyberattacks on large Australian organizations.

The children’s charity reported the incident on Tuesday, saying that it had detected a data breach in October. During the attack, threat actors managed to access a staff member’s email account, aiming to steal the charity’s money.

“We promptly acted and the attempts were unsuccessful. We immediately took steps to secure our systems,” said the organization’s CEO Doug Taylor.

Although The Smith Family prevented the seizure of funds, they later discovered that information about the donors was, after all, accessed.

That data included their names, addresses, contact information, and the first and last four digits of credit and debit cards used for making donations. According to the Smith Family, they do not store other payment details in their systems.

However, there is currently no information that data has been sold or misused.

Taylor apologized for the incident, adding that the charity is contacting all affected donors. It hasn’t been publicly revealed how many of the charity’s supporters in total were impacted by the attack.

The hack follows a series of high-profile cyber incidents in Australia, such as the Optus attack, in which cybercriminals compromised the data of up to nine million people, and the Medibank breach when threat actors stole the sensitive data of about 10 million customers.

“Threat actors go where they can make money. An organization such as Optus has a great deal of information about people, and this information can be used for further attacks against other people and organizations,” Alex Hamerstone, advisory solutions director at cybersecurity firm TrustedSec, told Cybernews.