When giving goes big
Posted on 16 Sep 2024
Philanthropists are increasingly shooting for the moon in their efforts to make a lasting impact,…
Posted on 03 Sep 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
One of Victoria’s oldest and largest charities is battling a major data hack in which an estimated 215 GB of data and nearly 420,000 files have been taken and likely published on the dark web.
Meli Community employs more than 750 staff from its Geelong base and is a Barwon region operator of kindergartens, foster care, family violence services, and school and youth help, as well as providing mental health, drug and alcohol, homelessness, financial assistance and NDIS services.
According to a recent financial statement, the organisation’s annual revenue to January 2024 was just over $49 million. Yet the cyberattack has forced it to resort to using paper-based and manual systems for some services.
The breach occurred in late July, just as the world was battling with the CrowdStrike IT meltdown. Late last month, the Qilin ransomware group began publishing Meli data on its dark web portal, posting multiple photographs of important financial documents and passport information.
Qilin claimed to have snatched 215 GB of data and 419,617 files from the charity.
In a statement on its website, Meli apologised to its clients and confirmed it was “currently investigating a cyber incident that has impacted our organisation”.
“As soon as we detected the incident, we took steps to secure our system. We also partnered with leading forensic specialists and cybersecurity advisors to investigate what has happened. Our investigation is ongoing.”
Meli said it was “urgently investigating the nature and extent of the published dataset”, after becoming aware of claims that the information had been published “by an unauthorised third party”.
The company has informed several authorities about the breach, including the Australian Cyber Security Centre (ACSC), Victoria Police, the Office of the Australian Information Commissioner (OAIC), the Office of the Victorian Information Commissioner, and state and federal government agencies.
“We will continue to cooperate with law enforcement and the relevant government agencies as required,” the company said in a statement.
Meli issued a string of recommendations about how clients and users of its services should protect their personal data, and also referred users to the Australian Cyber Security Centre website and the ACCC’s Scamwatch website.
The Community Advocate contacted Meli with several questions about the cyberattack, including whether the organisation had been asked for a ransom payment, what actions it had taken to prevent the release of any data on the dark web, more detail about the information taken and whether staff, volunteers and clients had been affected.
Through a public relations company, the organisation put out a statement which repeated most of the web statement but added: “Our important work supporting clients and the community remains our utmost priority. We thank our funders for their ongoing support and together we will continue our important role of supporting people and strengthening communities.”
Meli Community resulted from a merger of the former Barwon Child, Youth & Family (BCYF) and the Bethany Group about a year ago. Its name refers to meliorism, or the idea that the world can be improved through human effort.
The organisation has offices and kindergartens in Greater Geelong, on the Bellarine Peninsula, on the Surf Coast, and in Winchelsea, Colac, Bannockburn, Warrnambool and Horsham.
Bethany was first set up in 1868 as a women’s refuge, while BCYF began as Geelong’s first orphanage.
Qilin, sometimes known as Agenda, employs Russian-based code, and is a growing international threat, having previously targeted hospitals in London, the publishers of the Big Issue in the UK, and IT provider Dialog as well as the Victorian court system in Australia.
Infoxchange CEO David Spriggs said the incident served as just the latest warning to all not-for-profits to brace for such attacks.
“Cyber attacks are continuing to become more prevalent in the community sector, causing significant disruption and damage to the reputation and daily work of not-for-profits,” Mr Spriggs said.
He said Infoxchange's most recent Digital Technology in the Not-for-profit Sector Report had found many not-for-profits were missing basic cyber security protections, with only 20% providing cyber security awareness training for staff or having a plan to improve their cyber security “posture”.
“We advise organisations to ensure they are conducting regular cyber security audits, are implementing strong cyber security practices and educating both staff and volunteers on cyber risks and the critical steps to protect information.
“It is important to prepare for 'when' not 'if' scenarios."
And he repeated a call for the federal government to help the sector.
“We call again on the Australian government to appropriately fund capacity building for the charities and not-for-profit sector to help the sector better prevent these attacks and respond to increasing cyber security threats.”
He said organisations could visit Infoxchange's free Cyber Safe Hub for training for staff and volunteers, and use the guides to cyber security on its Digital Transformation Hub.
Posted on 16 Sep 2024
Philanthropists are increasingly shooting for the moon in their efforts to make a lasting impact,…
Posted on 16 Sep 2024
September 18 is Childhood Dementia Day. With many Australians unaware that thousands of children…
Posted on 12 Sep 2024
Fundraising experts say that better understanding donors’ attitudes to the community sector will go…
Posted on 12 Sep 2024
NFPs would be wise to consider innovative ways to diversify their income and the benefits of doing…
Posted on 12 Sep 2024
Small to medium not-for-profits have enjoyed a 5% donations spike compared to this time last year,…
Posted on 12 Sep 2024
A unique Australian investment vehicle is on track to give more than $100 million to Australian…
Posted on 12 Sep 2024
A year into her job connecting learning institutions and employers to help young people, Central…
Posted on 12 Sep 2024
Philanthropic expert Genevieve Timmons has updated her book Savvy Giving for a new decade. In this…
Posted on 11 Sep 2024
A leading not-for-profit (NFP) finance expert has urged NFPs and charities to rethink their views…
Posted on 11 Sep 2024
More than 13 years after she began selling copies of the Big Issue, Perth-based Kellie isn't ready…
Posted on 10 Sep 2024
While cost-of-living pressures, homelessness and economic disadvantage are staples of media…
Posted on 10 Sep 2024
The Olivia Newton John Foundation, Moreton Bay Regional Community Legal Service and Kids Outreach…