Oxfam Australia investigates suspected data breach

Oxfam Australia is investigating a suspected cyber attack that has allegedly impacted the data of 1.7 million supporters.

The charity said in a statement on Thursday that it was alerted to the “data incident” late last week and immediately launched an investigation.

Forensic specialists have been brought to “assist in identifying whether data may have been accessed and any impact on its supporters”.

The matter has also been reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

While it is not yet known whether any data has been compromised, Bleeping Computer ealier this week revealed that a threat actor had attempted to sell a database belonging to the charity.

The database is alleged to have contained contact and donor information, including names, email addresses and phone numbers, for about 1.7 million Oxfam Australia supporters.

But the chaity said this was unverified, with forensic experts still working to “confirming the type of data that may have been access and whether any of our supported are impacted”.

In a statement, CEO Lyn Morgain said Oxfam Australia was “committed to working with all relevant authorities and experts to determine the facts and respond appropriately”.

“Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages,” she said.

Morgain said the charity had also taken “immediate steps to further secure [its] environment” while it investigates whether any data was accessed.

 “Oxfam Australia’s priorities are confirming the type of data that may have been accessed and whether or not there are any impacted individuals,” she added.

“We are committed to communicating quickly to our supporters once the facts have been established, and we will provide updates as we learn more.”