Amnesty International Australia slow with disclosure after December hack
Amnesty International Australia was hacked in December with attackers accessing information on donors, in a breach the charity waited on for four months before disclosing.
In a statement posted to its website on Friday afternoon, five days after this masthead put in questions, Amnesty said it had detected the attack on December 3, 2022. The charity said it subsequently secured its IT systems and started an investigation.
“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed,” a spokeswoman said.
She said none of the information met the legal threshold that would have required Amnesty to disclose the breach to affected donors or the Office of the Australian Information Commissioner, which tracks hacks.
“Our investigation found no evidence that any information has been or will be misused,” she said.
Loading
Hacks have to be disclosed if they are likely to result in “serious harm to one or more individuals, and the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action”.
The information commissioner’s office has been contacted for comment.
The Amnesty Australia spokeswoman said the organisation takes cybersecurity seriously and had made its systems more secure. The hack only affected Amnesty International Australia, not other branches of the global human rights advocacy group.
Amnesty International Australia was hacked in December with attackers accessing information on donors, in a breach the charity waited on for four months before disclosing.
In a statement posted to its website on Friday afternoon, five days after this masthead put in questions, Amnesty said it had detected the attack on December 3, 2022. The charity said it subsequently secured its IT systems and started an investigation.
“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed,” a spokeswoman said.
She said none of the information met the legal threshold that would have required Amnesty to disclose the breach to affected donors or the Office of the Australian Information Commissioner, which tracks hacks.
“Our investigation found no evidence that any information has been or will be misused,” she said.
Loading
Hacks have to be disclosed if they are likely to result in “serious harm to one or more individuals, and the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action”.
The information commissioner’s office has been contacted for comment.
The Amnesty Australia spokeswoman said the organisation takes cybersecurity seriously and had made its systems more secure. The hack only affected Amnesty International Australia, not other branches of the global human rights advocacy group.