Is your personal information safe? A recent data breach affected thousands of charity donors
- Replies 5
Many believe that if you have the means and resources to give, you should be generous and do just that. This holds particularly true when donating to charities—regardless of where or how you contribute.
After all, it's the small things (or donations, in this case) that can make a significant impact on important causes.
However, as is the case with any transaction involving money or sensitive information, there's always a risk of such data falling into the wrong hands.
Unfortunately, these risks recently turned into a reality for several Australian charities. A data breach in April exposed thousands of donor information on the dark web. Let's look at what happened and how you can be careful when donating next time.
The victim behind the data breach was identified as Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors for charities.
Recently, the Australian Conservation Foundation (ACF) has become the latest charity to be caught up in the Pareto Phone scandal, with the charity confirming that 13,500 of its donors' details had been compromised in the wake of the cybercrime breach.
In a statement, the charity's spokesperson said the ACF was 'dismayed' to learn the news.
'We trusted Pareto with our supporters' personal information so the company could help us raise funds to continue our environmental protection and advocacy work,' the spokesperson said.
'We are concerned that Pareto kept old data it should have destroyed.'
At the time of reporting, it was said that around 70 other Australian charities were using the company's services, but it's still unclear how many were caught up in the breach. The three charities that had confirmed they were affected were:
Canteen, for example, assured no financial information was shared. However, it confirmed that the information that had been breached were donors' full names, dates of birth, addresses, email addresses, and phone numbers.
On the other hand, The Fred Hollows Foundation said that based on what they had been told by Pareto Phone, no financial, credit card, or bank account information had been leaked.
Meanwhile, The Cancer Council was still waiting for more information from Pareto Phone regarding what kind of data had actually been breached.
So far, thousands of individuals have been affected by the breach.
Canteen, for instance, said it had around 2,600 donors whose data had been shared in 2020 and 2021, while The Fred Hollows Foundation had 1,700 donors who fell victim to it between 2013 and 2014.
Unfortunately, The Cancer Council hasn't been able to determine the exact number of donors subjected to the breach.
In the wake of the incident, Pareto Phone has come forward to express its sincere apologies for what happened and is taking swift action to address the issue.
Their CEO, Chris Smedley, stated that they are working 'urgently' with forensic specialists to analyse the affected files and continue making calls for charities. They are also committed to protecting information held on the client's behalf and remain actively involved in helping to safeguard donor information.
The government quickly commented on the matter and deemed it 'deeply concerning'.
A Department of Home Affairs representative mentioned that the Australian Signals Directorate's Australian Cyber Security Centre 'stands ready to offer technical advice and remediation as required'.
They also reminded everyone that Australia's charities are an integral part of the community and urged everyone not to stop donating to them because of the incident.
How can I determine whether my data has been leaked?
The charities affected have confirmed they've contacted donors impacted by the data breach.
You can also use the website HaveIBeenPwned to check if your mobile number and email address have been involved in documented data breaches. This tool will instantly inform you if your data has been exposed in recognised unintentional breaches or instances where information has been publicly posted.
However, please note that if you wish to find out if your data has been compromised in more sensitive breaches, you'll need to subscribe.
This free website is maintained by Australian cybersecurity professional Troy Hunt and is powered by a database of known leaked data. Still, it's important to understand that if this search doesn't reveal anything, it doesn't necessarily guarantee that your data hasn't been accessed.
You can also use the Australian Cyber Security Centre (ACSC)'s Have you been hacked? tool. Then, select 'My information has been lost or stolen' and follow the prompts. The tool will tell you the steps you should take to secure your finances, accounts, email and identity.
Our hearts go out to those who have been affected by the data breach. We also urge everyone to be extra cautious and mindful when it comes to providing personal information on the internet.
We hope you found this article helpful and informative, members. What are your thoughts? Did you check if you were affected by the breach? Let us know in the comments section below.
After all, it's the small things (or donations, in this case) that can make a significant impact on important causes.
However, as is the case with any transaction involving money or sensitive information, there's always a risk of such data falling into the wrong hands.
Unfortunately, these risks recently turned into a reality for several Australian charities. A data breach in April exposed thousands of donor information on the dark web. Let's look at what happened and how you can be careful when donating next time.
The Australian Conservation Foundation says 13,500 of its donors' details have been leaked on the dark web in the Pareto Phone data breach. Credit: Shutterstock.
The victim behind the data breach was identified as Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors for charities.
Recently, the Australian Conservation Foundation (ACF) has become the latest charity to be caught up in the Pareto Phone scandal, with the charity confirming that 13,500 of its donors' details had been compromised in the wake of the cybercrime breach.
In a statement, the charity's spokesperson said the ACF was 'dismayed' to learn the news.
'We trusted Pareto with our supporters' personal information so the company could help us raise funds to continue our environmental protection and advocacy work,' the spokesperson said.
'We are concerned that Pareto kept old data it should have destroyed.'
At the time of reporting, it was said that around 70 other Australian charities were using the company's services, but it's still unclear how many were caught up in the breach. The three charities that had confirmed they were affected were:
- The Cancer Council,
- Canteen, and
- The Fred Hollows Foundation.
Canteen, for example, assured no financial information was shared. However, it confirmed that the information that had been breached were donors' full names, dates of birth, addresses, email addresses, and phone numbers.
On the other hand, The Fred Hollows Foundation said that based on what they had been told by Pareto Phone, no financial, credit card, or bank account information had been leaked.
Meanwhile, The Cancer Council was still waiting for more information from Pareto Phone regarding what kind of data had actually been breached.
So far, thousands of individuals have been affected by the breach.
Canteen, for instance, said it had around 2,600 donors whose data had been shared in 2020 and 2021, while The Fred Hollows Foundation had 1,700 donors who fell victim to it between 2013 and 2014.
Unfortunately, The Cancer Council hasn't been able to determine the exact number of donors subjected to the breach.
In the wake of the incident, Pareto Phone has come forward to express its sincere apologies for what happened and is taking swift action to address the issue.
Their CEO, Chris Smedley, stated that they are working 'urgently' with forensic specialists to analyse the affected files and continue making calls for charities. They are also committed to protecting information held on the client's behalf and remain actively involved in helping to safeguard donor information.
The government quickly commented on the matter and deemed it 'deeply concerning'.
A Department of Home Affairs representative mentioned that the Australian Signals Directorate's Australian Cyber Security Centre 'stands ready to offer technical advice and remediation as required'.
They also reminded everyone that Australia's charities are an integral part of the community and urged everyone not to stop donating to them because of the incident.
How can I determine whether my data has been leaked?
The charities affected have confirmed they've contacted donors impacted by the data breach.
You can also use the website HaveIBeenPwned to check if your mobile number and email address have been involved in documented data breaches. This tool will instantly inform you if your data has been exposed in recognised unintentional breaches or instances where information has been publicly posted.
However, please note that if you wish to find out if your data has been compromised in more sensitive breaches, you'll need to subscribe.
This free website is maintained by Australian cybersecurity professional Troy Hunt and is powered by a database of known leaked data. Still, it's important to understand that if this search doesn't reveal anything, it doesn't necessarily guarantee that your data hasn't been accessed.
You can also use the Australian Cyber Security Centre (ACSC)'s Have you been hacked? tool. Then, select 'My information has been lost or stolen' and follow the prompts. The tool will tell you the steps you should take to secure your finances, accounts, email and identity.
Our hearts go out to those who have been affected by the data breach. We also urge everyone to be extra cautious and mindful when it comes to providing personal information on the internet.
We hope you found this article helpful and informative, members. What are your thoughts? Did you check if you were affected by the breach? Let us know in the comments section below.
.png){kind=icon}
