cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

The Smith Family charity targeted in cyber attack

The Smith Family, a charity that specialises in providing for disadvantaged children, has become the latest target of cyber crime in Australia.

user icon Daniel Croft
Tue, 22 Nov 2022
The Smith Family charity targeted in cyber attack
expand image

According to recent media reports, the hacker attempted to steal money from the charity and may have accessed personal records of donors.

“The Smith Family recently experienced a cyber incident where attempts were made to steal The Smith Family funds. We promptly acted and the attempts were unsuccessful,” said The Smith Family chief executive Doug Taylor.

“We immediately took steps to secure our systems. We then commenced an investigation of the incident and engaged specialist cyber security experts to understand what happened. We have also taken steps to further strengthen our systems.”


According to the statement, a third party gained access to a team member’s email account before trying to steal money from the organisation.

While no money was stolen, the hacker may have accessed donor details such as names, addresses, phone numbers, email, records of donation, and in some cases, the first and last four digits on the credit or debit card used to donate.

However, the charity did confirm that no other credit card details were stolen.

“The Smith Family can confirm no middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems.

The Smith Family also does not request, collect or hold personal identity documents such as passports or drivers’ licenses of our supporters, as these are not required to process their generous donations.”

The Smith Family has said that there is currently no evidence to suggest that any of the data has been misused in any way, and that the data that has been released cannot be used alone for fraud.

“While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams.

“We thank our donors and sponsors for their ongoing support and understanding.

“We remain committed to the delivery of The Smith Family programs to support the education of young Australians in need.”

The attack on The Smith Family is just another in a flurry of cyber crime on Australian institutions, following major attacks on Optus and Medibank.

A review of the Privacy Act by Attorney-General Mark Dreyfus hopes to up the penalty of major breaches for businesses from $2.2 million to the highest of:

  • AU$50 million;
  • three times the value of any benefit or finances gained as the result of information misuse;
  • 30 per cent of the organisation’s adjusted turnover for the period.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Attorney-General Dreyfus said.

“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.