Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Oxfam Australia Investigates Data Breach After Database Sold Online

Oxfam Australia Investigates Data Breach After Database Sold Online

Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database belonging on a hacker forum.

Oxfam Australia is a charity focused on alleviating poverty within the indigenous Australian people and people from Africa, Asia, and the middle east. The charity is part of a confederation of twenty charities worldwide operating under the Oxfam umbrella.

Last week, BleepingComputer learned of a threat actor claiming to be selling a database containing the Oxfam Australia contact and donor information for 1.7 million people.

Threat actor selling Oxfam database

The database samples seen by BleepingComputer included names, email addresses, addresses, phone numbers, and donation amounts.

Sample of Oxfam Australia data

BleepingComputer has confirmed that one of the records contains legitimate data for a donor from sample data shared by the threat actor.

When BleepingComputer learned about this sale, we contacted Oxfam Australia, who immediately stated that they were investigating the situation.

Also Read: What Is A Governance Framework? The Importance And How It Works

Oxfam Australia discloses a suspected data breach

Today, Oxfam Australia told BleepingComputer that they continue to investigate the breach and reported it to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).

“Late last week, Oxfam Australia was alerted to a suspected data incident. Oxfam immediately launched an investigation and engaged market leading experts to assist in identifying whether data may have been accessed and any impact on its supporters.”

“Chief Executive Lyn Morgain said Oxfam Australia had reported the matter to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) while continuing to investigate the suspected incident,” disclosed their suspected data incident notification.

Oxfam Australia has told BleepingComputer that it is unknown what data was potentially accessed and how many people were affected.

The charity is investigating the incident and will update its security advisory as more information is known.

What should Oxfam Australia donors do?

While the cyberattack has not been officially confirmed, based on the threat actor’s information, it is likely that a data breach occurred.

With this in mind, all donors and registered members should change their password on the Oxfam Australia site. If you use that same password on other sites, you should change it there as well.

Threat actors can also use the alleged data in this database to perform targeted phishing attacks.

Also Read: Website Ownership Laws: Your Rights And What These Protect

All donors should be on the lookout for phishing attacks claiming to be from Oxfam and asking for further personal information.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us