CEO Doug Taylor said in a statement the hack was an attempt to steal money from the charity, but that the attempt was “unsuccessful”.
“We immediately took steps to secure our systems,” Taylor said.
“We then commenced an investigation of the incident and engaged specialist cyber security experts to understand what happened.
“We have also taken steps to further strengthen our systems.
“From our investigation, we identified that during the attempt to steal our funds, personal information about some individuals may have been accessed.
“The personal information of supporters that may have been accessed includes a mixture of names; (a) combination of phone number, address and/or email address; information about whether a donation payment was processed successfully or declined and the donation amount; and in some instances, first and last four digits of the credit or debit card used to donate.”
The Smith Family confirmed no middle card digits, expiry dates or CVV numbers were accessed, as the charity doesn’t store that information in its systems.
Personal information such as passport details or driver’s licences is also not at risk, as donors aren’t required to offer them.
‘Dropped my phone down the toilet’: Insidious scam text’s new message
“The data accessed in itself cannot be used to make fraudulent purchases,” Taylor said.
“While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams.
“We are also contacting individuals whose personal information was not accessed and are not directly affected by this incident.”
Taylor said the charity apologised for “any inconvenience or stress”.