Select Page

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

Australian Telemarketer Breach, 23 August 2023

Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April

Amnesty International Australia, Australian Conservation Foundation, Wilderness Society, Cancer Council Cancer, The Fred Hollows Foundation, Canteen, Heart Foundation Heart Foundation, Medecins Sans Frontieres

Company Statements:

View more incidents from Charities and Not For Profit sector and incidents relating to Queensland


Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April.

In a statement on Wednesday, Pareto Phone’s CEO, Chris Smedley apologised for the distress the breach had caused and said the company was working “urgently” with forensic specialists to analyse affected files. He did not respond to The Fred Hollows Foundation’s claim.

More than 320,000 files stolen from Pareto servers by cybercriminals in April were made public on the dark web last month, including tens of thousands of charity donor details.

Staff Information: Highly sensitive documents like police checks, child support documents, pay negotiations, HR incidents, immigration sponsorship details, COVID vaccination credentials, tax file numbers, passports and licences were also swept up in the wide-reaching leak.

Donor information including full names, date of birth, addresses, email addresses and phone numbers had been released, but not financial information.

The ABC understands more than 70 Australian charities used Brisbane-based Pareto Phone, but not all had been affected.

The Cancer Council, Canteen and Fred Hollows Foundation have confirmed donor information has been published on the dark web.

The Fred Hollows Foundation said 1,700 of its donors were affected, and claimed the data had been held without the charity’s knowledge.

In a statement on Wednesday morning, Médecins Sans Frontières (MSF) said it had not engaged the third-party fundraiser since 2018.

“Under the Australian Privacy Principles, organisations must take reasonable steps to destroy personal information data that is no longer required.

“MSF has not worked with Pareto Phone for almost five years.

“Pareto Phone has informed the regulators, the Office of the Australian Information Commissioner (OAIC) and the NZ Privacy Commissioner of their data breach.

Australian Conservation Foundation

“ACF can regretfully confirm some of our supporters’ personal information has been compromised in the Pareto data breach. We have notified 13,500 supporters who have been affected. We understand no ACF supporters’ credit card information or identifying documents are involved.

We trusted Pareto with our supporters’ personal information so the company could help us raise funds to continue our environmental protection and advocacy work. We are concerned Pareto kept old data it should have destroyed. We are suspending our relationship with Pareto immediately.

Wilderness Society

Unfortunately the identified files include some Wilderness Society supporter data. Pareto Phone has informed us that they have not identified any compromised data files related to Wilderness Society supporters that contain credit card or bank account details.
Please note that the Wilderness Society’s own systems have not been impacted by this incident in any way.

 

Australian Conservation Foundation Statement on Pareto data breach

Wilderness Society – Statement Pareto Phone data incident

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Hacked! Royal Foods confirms cyber incident following The Gentlemen ransomware claims

Hackers behind the Mackay Sugar breach list Australian gourmet food supplier on darknet leak site. • Fri, 10 Jul 2026 • Security *]:clear-none … [...]

AUSCERT Week in Review for 10th July 2026

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued a critical alert following a large-scale cyber campaign … [...]

Telstra outage sends warning about dangers of future telecommunications attacks

Sky News host Jaimee Rogers says the Telstra outage is a warning for how dangerous a deliberate attack on Australia’s telecommunications could be. “Communications are critical infrastructure, so why aren't [...]

Telstra CEO says she is ‘deeply sorry’ for nationwide outage

The CEO of Telstra has returned from leave following the outage impacting its services, having now issued an apology for the issues caused. • Fri, 10 … [...]

Australian cyber security leader recognised with global AI ethics award

Maryam Shoraka has been named the 2026 Global Cybersecurity AI Ethics Woman of the Year, recognising her work at the intersection of cyber security … [...]

Cyber and Infrastructure Security Centre Website

Cyber and Infrastructure Security Centre Website Protecting Australia's Cyber and Infrastructure Security.​​​ [...]

Telstra outage: 'Software defect solution' in place after hundreds unable to call Triple Zero in outage

Telstra has implemented a fresh "solution" to resolve a secondary software defect that left hundreds of customers unable to make Triple Zero calls … [...]

Stolen Credentials Put Australia’s Critical-Infrastructure Defenses on the Clock

In critical infrastructure, the most dangerous breach is not always the one that breaks a firewall. Sometimes it is the one that looks like normal … [...]

Telstra outage fallout: Triple-Zero not fully restored, V/Line services still offline | ABC NEWS

Victoria's regional rail network remains at a standstill following a nationwide telecommunications outage yesterday that stranded commuters. Passengers are being urged not to travel on V/Line services if possible. Telstra [...]

Questions asked about telco regulation after Telstra suffers outage

Experts and advocates have demanded changes to how telecommunication companies are regulated and held accountable for outages after Telstra became … [...]

Scammers use AI image to target parents of WA missing man

Extortionists have sent the parents of a missing West Australian man an AI-generated image of their son and demanded thousands of dollars in exchange … [...]

Telstra outage halts regional train services in Victoria, NSW | ABC NEWS

A nationwide outage to Telstra services has caused all regional train services in Victoria to halt, as well as stopping two key branch lines in the NSW Southern Highlands and [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading