Oxfam Australia released a statement confirming the existence of a data breach.
Following weeks of speculation, Oxfam Australia this week confirmed that the not-for-profit was the target of a cyber attack on 20 January.
The compromised database allegedly holds the data of up to 1.7 million supporters, and Oxfam has confirmed that it has begun the process of contacting impacted supporters.
In a statement, Oxfam noted, “The database includes information about supporters who may have signed a petition, taken part in a campaign or made donations or purchases through our former shops.
“While the investigation found that no passwords were compromised, the database unlawfully accessed by the external party for the majority of supporters included names, addresses, dates of birth, emails, phone numbers, gender and in some cases, donation history. For a limited group of supporters, the database contained additional information, and Oxfam is contacting these supporters directly to inform them of the specific types of information relevant to them.”
Lyn Morgan, Oxfam Australia chief executive, said, “The privacy and protection of our supporters has been our paramount consideration during this process, which has involved a thorough and complex investigation.”
Oxfam’s investigation into the breach was prompted after finding leaks of the data online.