ShellCodeX Breach Report
Oxfam Data Breach
oxfam.org.au
Verified breach
Accounts exposed
1,834,006
Breach date
20 Jan 2021
Added to tracker
02 Mar 2021
Data classes
9
What happened
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth. A small number of people also had partial credit card data exposed (the first 6 and last 3 digits of the card, plus card type and expiry) and in some cases the bank name, account number and BSB were also exposed. The data was subsequently made freely available on the hacking forum later the following month.
Exposed data
Bank account numbers
Dates of birth
Email addresses
Genders
Names
Partial credit card data
Payment histories
Phone numbers
Physical addresses
Recommended actions
- Watch for targeted phishing emails referencing Oxfam โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP