Select Page

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

Posted by | Aug 23, 2023 | , , , , , , | 0 |

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

Australian Telemarketer Breach, 23 August 2023

Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April

Amnesty International Australia, Australian Conservation Foundation, Wilderness Society, Cancer Council Cancer, The Fred Hollows Foundation, Canteen, Heart Foundation Heart Foundation, Medecins Sans Frontieres

Company Statements:

View more incidents from Charities and Not For Profit sector and incidents relating to Queensland

Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April.

In a statement on Wednesday, Pareto Phone’s CEO, Chris Smedley apologised for the distress the breach had caused and said the company was working “urgently” with forensic specialists to analyse affected files. He did not respond to The Fred Hollows Foundation’s claim.

More than 320,000 files stolen from Pareto servers by cybercriminals in April were made public on the dark web last month, including tens of thousands of charity donor details.

Staff Information: Highly sensitive documents like police checks, child support documents, pay negotiations, HR incidents, immigration sponsorship details, COVID vaccination credentials, tax file numbers, passports and licences were also swept up in the wide-reaching leak.

Donor information including full names, date of birth, addresses, email addresses and phone numbers had been released, but not financial information.

The ABC understands more than 70 Australian charities used Brisbane-based Pareto Phone, but not all had been affected.

The Cancer Council, Canteen and Fred Hollows Foundation have confirmed donor information has been published on the dark web.

The Fred Hollows Foundation said 1,700 of its donors were affected, and claimed the data had been held without the charity’s knowledge.

In a statement on Wednesday morning, Médecins Sans Frontières (MSF) said it had not engaged the third-party fundraiser since 2018.

“Under the Australian Privacy Principles, organisations must take reasonable steps to destroy personal information data that is no longer required.

“MSF has not worked with Pareto Phone for almost five years.

“Pareto Phone has informed the regulators, the Office of the Australian Information Commissioner (OAIC) and the NZ Privacy Commissioner of their data breach.

Australian Conservation Foundation

“ACF can regretfully confirm some of our supporters’ personal information has been compromised in the Pareto data breach. We have notified 13,500 supporters who have been affected. We understand no ACF supporters’ credit card information or identifying documents are involved.

We trusted Pareto with our supporters’ personal information so the company could help us raise funds to continue our environmental protection and advocacy work. We are concerned Pareto kept old data it should have destroyed. We are suspending our relationship with Pareto immediately.

Wilderness Society

Unfortunately the identified files include some Wilderness Society supporter data. Pareto Phone has informed us that they have not identified any compromised data files related to Wilderness Society supporters that contain credit card or bank account details.
Please note that the Wilderness Society’s own systems have not been impacted by this incident in any way.

 

Australian Conservation Foundation Statement on Pareto data breach

Wilderness Society – Statement Pareto Phone data incident

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: NAB sent customer data to domain name squatter, owner of adult websites | SMH

Incident: NAB sent customer data to domain name squatter, owner of adult websites | SMH

January 10, 2017

Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

July 28, 2019

Incident: Anglicare Sydney 4 laptops stolen from office by unknown parties | Anglicare Sydney

Incident: Anglicare Sydney 4 laptops stolen from office by unknown parties | Anglicare Sydney

December 29, 2019

NZ Incident – Ransomware attack: Waikato DHB supporting patients after documents dumped online | stuff

NZ Incident – Ransomware attack: Waikato DHB supporting patients after documents dumped online | stuff

June 29, 2021

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack
Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack

Queensland-based firm Kennedy McLaughlin says it has notified impacted individuals as hackers publish client financial and banking data online. • Fri, … [...]

Gov urges agencies to fix security basics before buying into frontier AI
Gov urges agencies to fix security basics before buying into frontier AI

The federal government has told its agencies that the answer to frontier artificial intelligence (AI) compressing attack timelines from days to hours … [...]

Leader selected for Australia's new AI Safety Institute | ABC NEWS
Leader selected for Australia's new AI Safety Institute | ABC NEWS

Dr Kate Conroy has been chosen as the inaugural general manager of Australia's AI Safety Institute. The institute is a new government body within the Department of Industry, Science and [...]

Cybersecurity issues facing Australia's 2026 Census
Cybersecurity issues facing Australia's 2026 Census

The Australian Bureau of Statistics (ABS) must strengthen its cybersecurity preparedness ahead of the 2026 Census in August, an audit of the … [...]

Aussie government proposes automatic reimbursement for scam losses below $3,000
Aussie government proposes automatic reimbursement for scam losses below $3,000

Government outlines its plan to streamline dispute resolution processes to ensure “responses are appropriate without imposing unnecessary burden on … [...]

Exclusive: Victorian retail logistics firm allegedly breached by DragonForce
Exclusive: Victorian retail logistics firm allegedly breached by DragonForce

Threat actors have claimed a cyber incident impacting a Victoria-based logistics firm, claiming to have stolen over half a terabyte of data. • Thu, 28 … [...]

Scam victims to get up to $3,000 under new government proposal | ABC NEWS
Scam victims to get up to $3,000 under new government proposal | ABC NEWS

Under the federal government’s proposed laws, scam victims could getup to $3,000 back from their bank or other companies. National Consumer Affairs reporter Michael Atkin says it would be a [...]

Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware

A company with clients including the Department of Foreign Affairs and Trade, the Royal Flying Doctor Service, and many more has suffered a potential … [...]

Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked

Qilin ransomware continues its ANZ hacking campaign, listing an Auckland-based health supplement producer. • Wed, 27 May 2026 • Security *]:clear-none … [...]

Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware
Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware

Scammers are targeting Australians with advertisements for 'free' tai chi classes to trick them into downloading malware capable of stealing money … [...]

Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach
Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach

Litigants in at least 146 court matters were potentially involved in a data breach that is now the subject of a formal complaint with the privacy … [...]

Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms
Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms

Scammers are advertising crypto trading websites filled with fake data to share trading message groups – and taking victims’ money right now. • Mon, … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading