Greenpeace Aotearoa has been caught up in a credit card fraud attempt, which has seen the organisation’s online donation system used to validate stolen credit card numbers by an unknown third party.
Greenpeace worked as a priority to address the incident and investigate what happened alongside external cyber security experts.
We have no evidence that any complete credit card information was taken from Greenpeace. However, in the process of exploiting the vulnerability, the hacker may have obtained some contact information for Greenpeace supporters, including email addresses, names and postal addresses. We have no evidence that this information was the target of the cyber incident or of any misuse of this information.
Greenpeace has contacted all donors concerned and notified both the police and the Privacy Commissioner.
‘Stripe Payment Processing’ automatically refunded all fraudulent credit card charges during the relevant period. We recommend that our supporters remain vigilant to scam attempts and monitor their credit card statements closely.
As part of the automatic refund process, a number of legitimate donations to Greenpeace were also inadvertently refunded. These donors have been contacted directly.
Greenpeace thanks its donors for their support during this period. If you have any questions, please contact [email protected]