Hackers accessed Amnesty International Australia donor information in an attack last year that the human rights charity waited for four months to disclose.
In a statement posted to its website on Friday, five days after queries from this masthead, Amnesty said it had detected the attack on December 3, 2022. The charity said it subsequently secured its IT systems and started an investigation.
Amnesty International Australia detected the hack late last year but only disclosed it on Friday.Credit: Silas Stein/Getty Images
“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed,” a spokeswoman said.
She said none of the information met the legal threshold that would have required Amnesty to disclose the breach to affected donors or the Office of the Australian Information Commissioner, which tracks hacks, because it was incomplete, already public or had scant potential to cause damage.
Loading
“Our investigation found no evidence that any information has been or will be misused,” she said.
Hacks must be disclosed if they are likely to result in “serious harm to one or more individuals, and the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action”.
Private health insurer Medibank, which suffered a huge hack late last year that exposed sensitive health data on millions of Australians, announced on Friday it had received a report on the attack from Deloitte.
The company had engaged the consultants to carry out an external incident review into the breach.