Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Beware of unusual requests for membership lists

Organisations are being warned to watch out for unusual email requests for membership lists.

The OAIC has become aware of a number of non-profit membership organisations — including unions and professional bodies — who have been targeted by phishing attacks aimed at junior-level administrative employees. Attackers are sending these employees fake emails that claim to be requests from their bosses for copies of their organisations’ membership lists.

The OAIC recommends that unusual requests for information should be treated carefully before any response is given. The incidents came to the attention of the OAIC through its voluntary data breach notification scheme. If an organisation experiences a data breach then it should consider notifying the OAIC and referring to the Data Breach Notification Guide: A Guide to Handling Personal Information Security Breaches.