Smith Family Confirms October 2022 Cyberattack Exposing 80,000 Donors' Data
The Smith Family, a prominent Australian children's charity, has confirmed a cyberattack that occurred in October 2022. The attack resulted in the temporary access of a team member's email account by an unauthorized third party, potentially exposing sensitive donor information.
The stolen data includes names, addresses, contact details, and donation amounts of up to 80,000 donors. Additionally, the first and last four digits of the card used for donations were also compromised. However, the charity has assured that full credit card numbers, expiry dates, and CVV numbers were not stolen as they do not retain such information.
The Smith Family CEO, Doug Taylor, confirmed the attack on November 22, 2022, and the charity has since secured its IT systems and commenced an investigation with cybersecurity experts. As of now, there is no evidence of any misuse of donors' data. The charity is in the process of notifying all affected donors.
The Smith Family cyberattack, which occurred in October 2022 and was officially reported on October 2, 2025, is unrelated to other recent Australian cyberattacks, such as those on Optus or Medibank Private. The charity, which generated revenues of AUD154.4 million in the 2020/21 financial year, supporting almost 180,000 children and young people, has taken swift action to protect its donors and is cooperating with authorities to investigate the incident.
