Cyber Incident Victim: The Smith Family

Date: Nov 2022

Location: Australia

Summary

A children's charity experienced a cyberattack involving an unsuccessful attempt to steal funds, prompting immediate system security measures and an investigation with cybersecurity experts. The incident potentially exposed donor personal information, including names, contact details (phone numbers, addresses, or email addresses), donation transaction statuses and amounts, and partial credit/debit card digits (first and last four digits). No middle card digits, expiry dates, CVV numbers, passport details, or driver’s licences were compromised, as these were not stored in the charity’s systems. The organization apologized for any inconvenience and provided a dedicated support email for affected donors.

Description

On or around November 22, 2022, Australian children's charity The Smith Family experienced a cyberattack targeting its financial systems in an attempt to steal organizational funds. CEO Doug Taylor publicly confirmed the incident, stating the theft attempt was unsuccessful due to immediate containment measures. The charity secured its systems upon detecting the breach and initiated a forensic investigation with cybersecurity specialists to determine the scope and methodology of the attack. While financial theft was prevented, the investigation revealed that attacker activity during the intrusion potentially compromised certain donor information. Exposed personal data included donor names combined with at least one contact identifier (phone numbers, addresses, or email addresses), donation transaction details (success/failure status and amounts), and in limited cases, the first and last four digits of payment cards.

The charity confirmed critical financial data remained protected, as its systems do not store full payment card numbers, CVV codes, expiration dates, or government-issued identification documents like passports or driver's licenses—information not required for donations. No evidence suggested misuse of accessed data. Organizational response included implementing additional security controls beyond initial containment and notifying potentially affected supporters. The Smith Family issued a public apology for potential distress caused and established a dedicated email support channel ([email protected]) for donor inquiries. This incident occurred amid heightened public awareness of cyber threats following major breaches at Australian corporations Optus and Medibank, though no operational or attribution links between these events were disclosed.
