Reports of an Oxfam data breach have now been investigated and confirmed by an independent IT forensic team. The statement produced by Oxfam indicated that the data stolen from their database was information about their supporters and donors. The stolen data includes names, addresses, dates of birth, emails, phone numbers, gender and, in some cases, donation history.
While no passwords were compromised in the breach, Oxfam has been contacting their supporters and donors to notify them about it. For some donors, additional information such as bank account numbers, credit card numbers and bank names was exposed.
Oxfam Australia alerted its supporters to the potential risk on 4 February 2021 and has now begun notifying all supporters about steps that they can take to protect their information.
Oxfam Australia has notified and is working with industry regulators, including the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
“Throughout the course of the investigation, we have communicated quickly and openly with our supporters, while also complying with regulatory requirements,” Chief Executive Lyn Morgain said. “We contacted all our supporters early last month to alert them to a suspected incident, which has now been confirmed.”
Data Lessons Learned
The breach of Oxfam’s database is a warning sign that threat actors are using new and more sophisticated methods to exploit vulnerabilities within organisations. It illustrates why regular system security audits and injection testing matter: they help IT security teams analyse their system security and further protect their database platform.
Providing security standards and consultation is what Agilient excels at – contact us today to discuss your data protection and cybersecurity.
Author: Saeed Baayoun, Agilient Consultant