Children’s charity The Smith Family has become the latest major Australian organisation to fall victim to a cyberattack, with hackers gaining access to its donors’ confidential information including credit card details.

The charity on Tuesday confirmed it detected a data breach in October, in which a hacker got into a staff member’s email, and stopped an attempt to steal the charity’s funds. But after digital investigators completed an investigation last week, they found that files with donor names, addresses and contact information were in the inbox along with the partial credit card data.

“We apologise for any concern or stress that this incident may have caused,” chief executive Doug Taylor said in a statement. “We’re contacting every single donor and sponsor about the incident, whether their information may have been accessed or not.”

There was no indication so far that any donor information had been misused, Taylor said. Recent cyber breaches, including the attack on Medibank, have shown early indications are often unreliable and it is not clear whether the hackers opened the sensitive files. Supporters have been told to be wary of unsolicited messages, not to click unknown links and review cyber.gov.au for further advice.

The card information breached is limited to the first four and last digits on some cards. Other card data was not stored by The Smith Family, it said.

Loading

The charity, which helps to educate children in need, has not yet said how many donors have been affected. The Smith Family does not know the hacker’s identity but has informed the Australian government’s Cyber Security Centre and the Office of the Australian Information Commissioner, which enforces data breach laws.

A spokesman for the information commissioner confirmed the breach had been reported.

“Under the Privacy Act, organisations have obligations to protect against unauthorised access, disclosure or loss of personal information,” the spokesman said.