Charity donor details leaked to dark web after Pareto Phone breach
Some of Australia’s most high profile charities have been hit in a hacking scandal that could threaten to undermine their donor base.
Some of Australia’s most high profile charities have become inadavertedly involved in a massive data breach with cybercriminals hacking thousands of donor details through a third party.
The company at the centre of the hacking, Pareto Phone, collects donations from charity supporters.
The Cancer Council, Canteen and The Fred Hollows Foundation have confirmed to news.com.au donor data, collected through Pareto Phone, has been leaked on the dark web.
The data breach occurred in April this year.
Canteen, which supports young people dealing with cancer, told news.com.au that only a “subset of Canteen supporters” had their data breached.
“We know the following data points were included in the breach: full name, date of birth, addresses, email address, phone number,” a spokesperson said.
The charity stressed that its own system has not been impacted.
“We continue using the best available software to protect our computers, databases, emails and other systems,” a spokesperson said.
“We run regular scans to identify and address vulnerabilities and have dedicated cybersecurity staff to maintain and review our protections.”
news.com.au understands that the charity is not aware of any misuse of the compromised information for financial gain and all impacted donors (believed to be 2600) have been contacted.
The Fred Hollows Foundation said they had not worked with Pareto Phone since 2014.
“We were recently notified that a small number of our files had been retained by Pareto Phone without our knowledge and were involved in a data breach,” they said in a statement.
A spokesman for the charity said he believed the impact to donor data was limited to about 1700 donors and that the compromised data does not involve financial, credit card or bank account information.
He said the charity had not been aware the data was still held by Pareto Phone and that it was against the law for the charity to hold it.
There is a requirement for personal information data to be destroyed or de-identified once it is no longer needed for the purpose for which it was collected.
The CEO of Cancer Council Australia Professor Tanya Buchanan told news.com.au it was still “waiting for Pareto Phone to provide us with clarity on how many of donors’ data and what kind of data has been breached”.
“At information comes to hand, we are immediately notifying anyone who has been adversely affected, which to date is a very small number,” she said.
Cancer Council has now severed ties with Pareto Phone.
Pareto Phone did not respond to requests for comment by news.com.au.
But in a statement to the ABC the company’s CEO Chris Smedley apologised for the distress the breach had caused, and said the company was working “urgently” with forensic specialists to analyse affected files.
More Coverage
“We have not at this stage identified any identity documents such as tax file numbers, driver licenses and passports about any donor,” Mr Smedley said.
He did not respond to The Fred Hollows Foundation’s claim.
Mr Smedley said the company continues to make calls on behalf of charities and is committed to protecting information held on their behalf.
Meta agrees to huge payout for Aussies
Tech giant Meta has agreed to pay out a whopping sum to Australians who were impacted by a major privacy scandal.
Aussie cane toads, kangaroos and sharks stump Apple Intelligence
Image Playground is one of the most fun new features of Apple Intelligence, but how good it is in coming close to reality? We put it to the test.
Nazi threat sparks call for hate database
An inquiry into the rising threat of right wing extremism has delivered a set of options to roll back the hatred, including a new national hate crimes database.