The Smith Family says it has informed around 80,000 donors their personal details may have been accessed after it was targeted by a hacker who attempted to steal money.
The Australian charity, which supports disadvantaged children, said in a statement the attempts by the hacker to steal money were unsuccessful.
It said an investigation revealed a combination of names, addresses, phone numbers, email addresses and donation records may have been accessed.
It said in some instances that included the first and last four digits of the credit or debit card used to donate.
"The Smith Family can confirm no middle digits, expiry date or CVV numbers were accessed as The Smith Family does not store that information in its systems," the charity said.
"The Smith Family also does not request, collect or hold personal identity documents such as passports or drivers' licences of our supporters, as these are not required to process their generous donations.
"The data accessed in itself cannot be used to make fraudulent purchases."
The charity said there was no current evidence any person's information had been misused but it wanted to inform customers so they could protect themselves from potential scams.
"The Smith Family remains committed to protecting the personal information of all our supporters and we apologise for any inconvenience or stress that notification of this incident may have caused," it said.
The Smith Family said it had engaged cyber security experts and further strengthened its systems.
It comes after a number of other high-profile hacks at prominent companies including telecommunications giant Optus and health insurer Medibank.
Some experts have criticised the federal government for "bad policy" around data retention which they argue leaves Australians' personal information open to being stolen.