Select Page

Incident: Amnesty International Australia slow with disclosure after December hack | SMH

Posted by | Apr 28, 2023 | , , , , | 0 |

Incident: Amnesty International Australia slow with disclosure after December hack | SMH

Australian Not-for-profit Hacked, 28 April 2023

Amnesty International Australia slow with disclosure after December hack

Amnesty said none of the information met the legal threshold that would have required Amnesty to disclose.

Company statement: Amnesty International Australia Breach Notification
Source: Amnesty International Australia slow with disclosure after December hack | SMH

View more incidents from Charities and Not For Profit sector.

Hackers accessed Amnesty International Australia donor information in an attack last year that the human rights charity waited for four months to disclose.

In a statement posted to its website on Friday, five days after queries from this masthead, Amnesty said it had detected the attack on December 3, 2022. The charity said it subsequently secured its IT systems and started an investigation.

The Amnesty Australia spokeswoman said the organisation took cybersecurity seriously and had made its systems more secure. The hack affected only Amnesty International Australia, not other branches of the global human rights advocacy group. The organisation was unable to work out who was behind the attack or the motivation behind it.

Interestingly, we have a report from Amnesty Canada around the same timeframe. “Amnesty International Canada says it was targeted by China-sponsored cyber attack – ABC (Australia)“. Coincidence???

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed,” a spokeswoman said.

She said none of the information met the legal threshold that would have required Amnesty to disclose the breach to affected donors or the Office of the Australian Information Commissioner, which tracks hacks, because it was incomplete, already public or had scant potential to cause damage.

I would really like to see their determination on this. I can think of several state actors who would like to know who is donating to Amnesty. My guess is that this would present more risk than the usual privacy breach with potential retribution from state actors. Though there is little detail in the reports make an informed judgement.

This raises one of my biggest concerns over the Australian Notifiable Data Breach (NDB) scheme leaving the wriggle room over ‘result in serious harm’. At a minimum the details should be notified and OAIC can override the decision not to inform users or enforce actions if rectification and mitigation actions are not adequate.

“Our investigation found no evidence that any information has been or will be misused,” she said.

Hacks must be disclosed if they are likely to result in “serious harm to one or more individuals, and the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action”.

Amnesty International Australia Breach Notification

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia

Incident: Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia

February 1, 2019

Incident: The Smith Family says details of around 80,000 donors may have been exposed in hacking attack | ABC News Australia

Incident: The Smith Family says details of around 80,000 donors may have been exposed in hacking attack | ABC News Australia

November 22, 2022

Incident: Cyber criminals hack Perth Anaesthetic Group hospital and steal patients’ personal information in terrifying security breach | Daily Mail Australia

Incident: Cyber criminals hack Perth Anaesthetic Group hospital and steal patients’ personal information in terrifying security breach | Daily Mail Australia

November 2, 2019

Incident: Yet another Qld cop charged with hacking, One of four to face charges since December | iTnews

Incident: Yet another Qld cop charged with hacking, One of four to face charges since December | iTnews

January 11, 2019

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack
Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack

Queensland-based firm Kennedy McLaughlin says it has notified impacted individuals as hackers publish client financial and banking data online. • Fri, … [...]

Gov urges agencies to fix security basics before buying into frontier AI
Gov urges agencies to fix security basics before buying into frontier AI

The federal government has told its agencies that the answer to frontier artificial intelligence (AI) compressing attack timelines from days to hours … [...]

Leader selected for Australia's new AI Safety Institute | ABC NEWS
Leader selected for Australia's new AI Safety Institute | ABC NEWS

Dr Kate Conroy has been chosen as the inaugural general manager of Australia's AI Safety Institute. The institute is a new government body within the Department of Industry, Science and [...]

Cybersecurity issues facing Australia's 2026 Census
Cybersecurity issues facing Australia's 2026 Census

The Australian Bureau of Statistics (ABS) must strengthen its cybersecurity preparedness ahead of the 2026 Census in August, an audit of the … [...]

Aussie government proposes automatic reimbursement for scam losses below $3,000
Aussie government proposes automatic reimbursement for scam losses below $3,000

Government outlines its plan to streamline dispute resolution processes to ensure “responses are appropriate without imposing unnecessary burden on … [...]

Exclusive: Victorian retail logistics firm allegedly breached by DragonForce
Exclusive: Victorian retail logistics firm allegedly breached by DragonForce

Threat actors have claimed a cyber incident impacting a Victoria-based logistics firm, claiming to have stolen over half a terabyte of data. • Thu, 28 … [...]

Scam victims to get up to $3,000 under new government proposal | ABC NEWS
Scam victims to get up to $3,000 under new government proposal | ABC NEWS

Under the federal government’s proposed laws, scam victims could getup to $3,000 back from their bank or other companies. National Consumer Affairs reporter Michael Atkin says it would be a [...]

Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware

A company with clients including the Department of Foreign Affairs and Trade, the Royal Flying Doctor Service, and many more has suffered a potential … [...]

Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked

Qilin ransomware continues its ANZ hacking campaign, listing an Auckland-based health supplement producer. • Wed, 27 May 2026 • Security *]:clear-none … [...]

Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware
Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware

Scammers are targeting Australians with advertisements for 'free' tai chi classes to trick them into downloading malware capable of stealing money … [...]

Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach
Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach

Litigants in at least 146 court matters were potentially involved in a data breach that is now the subject of a formal complaint with the privacy … [...]

Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms
Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms

Scammers are advertising crypto trading websites filled with fake data to share trading message groups – and taking victims’ money right now. • Mon, … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading