Amnesty International Australia (AIA) working together with the Australian Cyber Security Centre (ACSC) identified potential anomalous activity within the AIA IT environment late last year.
As soon as AIA became aware of the activity on 3 December 2022, we immediately activated our incident response plan and engaged leading external cyber security and forensic IT advisors to help determine if any unauthorised access to our IT environment had occurred.
We also acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.
The investigation is now complete and identified that an unauthorised third-party gained temporary access to our IT environment. In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed.
None of the information accessed meets the criteria or threshold for notification under the Notifiable Data Breaches Scheme in the Privacy Act and our investigation found no evidence that any information has been or will be misused.
This cyber event was limited to Amnesty International Australia and did not affect any other branches of the wider organisation.
AIA takes cyber security very seriously and has applied enhanced cyber-security measures to prevent any recurrence. We will continue to update and modify our systems to meet the latest cyber threats as they emerge.
We will also continue to liaise with the Australian Cyber Security Centre (and our external cyber security advisors) to draw upon their advice and expertise as the Australian Government’s lead agency for cyber-security.
We would like to take this opportunity to assure our community there is no evidence that any of the low-risk information has been (or will be) misused. We do however urge all our community to remain vigilant and utilise the free educational tools available on the www.cyber.gov.au website which provides detailed guidance on how to protect yourself online and from phishing and cyber-related scams which are sadly on the rise.
We are disappointed that this cyber event occurred and sincerely thank the community for their ongoing support as we continue our important work to advance human rights across Australia and the Asia-Pacific.