Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Oxfam Australia Confirms Data Breach After Stolen Info Sold Online

Oxfam Australia Confirms Data Breach After Stolen Info Sold Online

Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January.

Oxfam Australia is a charity focused on alleviating poverty in  Africa, Asia, and the middle east. The charity is part of a confederation of twenty individual charities operating under the Oxfam name.

Last month, BleepingComputer was the first to report that a threat actor was selling a stolen Oxfam Australia database containing 1.7 million user records. These records included names, email addresses, addresses, phone numbers, and donation amounts.

From the database samples shared by the threat actor, BleepingComputer was able to confirm that at least one of the records contained accurate information.

Threat actor selling Oxfam Australia database

After contacting Oxfam Australia about the sale, the charity told BleepingComputer that they had begun an investigation into the attack.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

Today, Oxfam Australia has confirmed that they suffered a data breach that has exposed donor information.

“Following an independent IT forensic investigation, Oxfam Australia announced today that it has found supporters’ information on one of its databases was unlawfully accessed by an external party on 20 January 2021.”

“The database includes information about supporters who may have signed a petition, taken part in a campaign or made donations or purchases through our former shops.”

“While the investigation found that no passwords were compromised, the database unlawfully accessed by the external party for the majority of supporters included names, addresses, dates of birth, emails, phone numbers, gender and in some cases, donation history. For a limited group of supporters, the database contained additional information, and Oxfam is contacting these supporters directly to inform them of the specific types of information relevant to them,” Oxfam Australia disclosed today.

Oxfam Australia states that a small subset of donors the threat actor may have had access to bank names, account numbers, and partial credit card numbers.

It is not known if any threat actors purchased the stolen data after it was marketed on hacker forums.

What should Oxfam Australia donors do?

When we first reported on the breach, we advised Oxfam Australia donors to change their password on the site and other sites that utilize the same password.

While Oxfam Australia states that no passwords have been changed, we still advise that you secure your accounts to be safe due to the amount of data stolen by the threat actor.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

As threat actors commonly use stolen data to harvest further sensitive information, Oxfam Australia donors should be on the lookout for targeted phishing emails, SMS texts, and phone calls pretending to be from Oxfam.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us