Online Fundraising Platform MyCause Hacked
5 August 2014 at 10:54 am
The credit cards of more than 12,000 donors and charity partners to the crowdfunding and online fundraising organisation mycause are said to have been “compromised” after its website was hacked last week.
A statement from mycause says credit card data from donors using the website between June 1- July 29, 2014 was obtained and possibly used for fraudulent transactions.
“On July 29th mycause staff became aware that the mycause server was compromised by a group of opportunistic and sophisticated hackers,” mycause CEO and Founder, Tania Burstin, said.
“In response mycause notified over 12,000 donors and our charity partners via email while a security ‘alert’ page on the website was set up. A statement was released on Facebook and users were updated on Twitter.
“Enhanced security measures are now in place protecting the mycause platform and the problem has been remediated.”
Burstin said mycause does not store credit card data and all input pages were https secure.
“The hackers intercepted the sensitive information in the fraction of time it moves from our servers to the ANZ payment gateway,” she said.
“mycause’s in house tech team along with our server providers, ANZ and two industry security specialists have now fixed the problem and are working on further enhanced security measures.
“Hacking is an ongoing security concern for all online companies and charities. Mycause was specifically targeted because of the work we do in crowd funding and online fundraising and the large number of transactions we process.
“That these criminals would target the goodwill and generosity of people trying to help charitable causes is abhorrent.
“We are extremely sorry and devastated that these breaches have occurred and are doing everything possible to enhance security to stay ahead of hackers.
“We want to apologise unreservedly and sincerely for all the stress and inconvenience caused by this attack.”
Burstin said mycause has advised anyone who feels they may be at risk to contact their bank or card issuer and take action based on their advice. All card issuers will cover fraudulent activity and donors will not be out of pocket.
“I would also like to thank our charity partners and donors who have contacted us to support us in what is a difficult time for all,” Burstin said.