Christian Charity in Brisbane Pareto Phone Data Breach Exposes Donor Information

Introduction

In April, Pareto Phone, a telemarketing company based in Brisbane, suffered a cyberattack in which cybercriminals compromised its systems. As a result, sensitive information belonging to thousands of Australians has been leaked on the dark web. The breach has affected several charities that had engaged Pareto Phone’s services to contact potential donors on their behalf. This article gives an overview of the Pareto Phone data breach: the affected charities, the information compromised, the number of people affected, the actions taken by Pareto Phone, the government’s response, the potential risks, and the steps individuals can take if their data has been breached.

Charities Affected by the Pareto Phone Data Breach

As of now, we are aware of three charities that have confirmed their donor information has been published on the dark web as a result of the Pareto Phone data breach. These charities are:

  1. The Cancer Council
  2. Canteen
  3. The Fred Hollows Foundation

It is important to note that not all charities that used Pareto Phone’s services have been affected by the breach. While more than 70 Australian charities utilized Pareto Phone, the extent of the breach remains unclear.

Information Compromised in the Pareto Phone Data Breach

The exact details of the information taken in the Pareto Phone data breach are still unclear. However, some charities have provided insights into the nature of the compromised data. Canteen has confirmed that no financial information has been leaked, but certain donor details such as full names, dates of birth, addresses, email addresses, and phone numbers have been exposed. The Fred Hollows Foundation, based on information received from Pareto Phone, states that the compromised data does not include financial, credit card, or bank account information. The Cancer Council is awaiting further clarification from Pareto Phone regarding the extent and type of data breached. Pareto Phone’s CEO, Chris Smedley, has said that no identity documents such as tax file numbers, driver licenses, or passports have been identified in the breached donor data.

Number of Individuals Affected by the Pareto Phone Data Breach

At least 4,300 individuals have been affected by the Pareto Phone data breach. However, it is important to note that the actual number of people impacted may be higher, as not all affected charities have been identified. Here is what we know based on the information provided by the affected charities:

  • Canteen: 2,600 donors from 2020 and 2021
  • The Fred Hollows Foundation: 1,700 donors between 2013 and 2014
  • The Cancer Council: A “very small number” of donors, pending confirmation from Pareto Phone

Actions Taken by Pareto Phone in Response to the Data Breach

Pareto Phone is taking immediate action to address the data breach. The company is working urgently with forensic specialists to analyze the affected files and investigate the extent of the breach. Despite the incident, Pareto Phone continues to make calls on behalf of charities and remains committed to safeguarding the information entrusted to them by their clients.

Government Response to the Pareto Phone Data Breach

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has expressed deep concern over the cyberattack and subsequent data breach. The ACSC stands ready to offer technical advice and remediation support as required. The Department of Home Affairs has emphasized the importance of Australia’s charities and the critical work they do in improving people’s lives. The government encourages the public to continue donating to charities, despite the incident.

Potential Risks and Future Implications

There is a possibility that additional data could be published in the future, considering the four-month gap between the cyberattack and the leak. Paul Haskell-Dowland, a cybersecurity expert, warns of the potential release of further information to maximize the impact of the breach. This tactic is akin to providing proof of life in a kidnapping case, where specific sets of information are released to demonstrate that the criminals hold the data. The full extent of the breach and its consequences are yet to be determined.

Checking if Your Data has Been Leaked

The three affected charities have proactively reached out to donors whose information has been compromised in the data breach. Additionally, individuals can visit the HaveIBeenPwned website to check if their mobile number and email address appear in recorded data breaches. This free website, managed by Australian cybersecurity professional Troy Hunt, allows users to determine if their details have been exposed in known breaches or in public posts of information. However, finding no match in this search does not guarantee that your personal data is secure.

What to Do if Your Data Has Been Breached

While there is currently no evidence suggesting the leak of financial, tax-related, or government identity document information, it can still be distressing to have contact information exposed. If your data has been breached, here are some steps you can take to mitigate potential fallout:

  1. Change your email account passwords: If you have emailed yourself passwords or sensitive information, it is essential to change those passwords immediately.
  2. Enable multi-factor authentication where possible: Most email providers offer two-factor authentication as an additional layer of security. Consider enabling this feature so that only legitimate access to your account is allowed.
  3. Exercise caution with emails and phone calls: As your contact information may be in the public domain, you may become a target for scammers. Refrain from sharing personal information with unknown individuals until their identity and intentions are verified.

Conclusion

The Pareto Phone data breach has raised concerns about the security of donor information for several Australian charities. While the full extent of the breach is still unknown, immediate steps have been taken to analyze the compromised files and address the issue. The government has expressed its support for the affected charities and encourages continued donations. Individuals can take proactive measures to protect their information and monitor for any further breaches. By staying informed and vigilant, we can collectively work towards minimizing the risks associated with data breaches and safeguarding personal information.