Jul 2024
Australian Conservation Foundation says data of 13,500 donors caught up in Pareto Phone hack
The Australian Conservation Foundation says 13,500 of its donors' details have been leaked on the dark web in the Pareto Phone data breach.
The charity is the latest to confirm its supporters' personal information has been compromised after a Brisbane-based telemarketer was hacked by cybercriminals.
The Australian Conservation Foundation, which campaigns to save native species from extinction, has been caught up in the breach. (Sharon Wormleaton)
The Heart Foundation, Canteen, Cancer Council, Médecins Sans Frontières and the Fred Hollows Foundation were also caught up in the breach.
An Australian Conservation Foundation spokesperson said it is "dismayed" by the hack.
"We trusted Pareto with our supporters' personal information so the company could help us raise funds to continue our environmental protection and advocacy work," the spokesperson said.
"We are concerned that Pareto kept old data it should have destroyed."
The spokesperson said Pareto Phone had told the charity in April that it suspected its systems had been compromised.
The foundation had recently learned that names, addresses, email addresses and birth dates had been leaked.
"We understand no [Australian Conservation Foundation] supporters' credit card information or identifying documents are involved," the spokesperson said.
"There is no evidence of misuse of the personal information of any of [Australian Conservation Foundation] supporters."
Foundation no longer using Pareto
The foundation had used the telemarketer service over several years for short-term campaigns, and said it had now suspended its relationship with Pareto Phone.
The ABC understands more than 70 Australian charities used Pareto Phone, but not all had been affected.
The Fred Hollows Foundation said 1,700 of its donors were affected, and claimed the data had been held without the charity's knowledge.
Canteen said 2,600 donors had their details leaked, and the Cancer Council said the hack affected a "very small number" of its donors.
The Children's Cancer Institute has also confirmed it had been caught up in the breach but said, "the files affected were internal administrative files only and are of no risk to our donors and supporters".
The Heart Foundation said 4,600 donors from 2008 had their personal contact details and dates of birth stolen.
In a statement on Wednesday, Pareto Phone's CEO, Chris Smedley, apologised for the distress the breach had caused and said the company was working "urgently" with forensic specialists to analyse affected files. He did not respond to The Fred Hollows Foundation's claim.
Data rules are 'woolly'
Managing director of global technology firm Waterstons Australia, Charlie Hales, said Australia's rules on how long to keep data, and when to delete it, are "woolly".
"There aren't any rules about deleting the data within a period of time," she said.
"There are rules around retaining some information but not deleting it."
She said companies need to think about what information they need to retain and for how long "instead of keeping it by default".
"It is like with the Optus breach, they had data for years and years that they didn't need to retain," she said.
Ms Hales recommends donors wishing to make donations to charities via the phone should ask companies what they plan to do with the data and ask them not to keep it.
She said anyone caught up in the breach should be "super vigilant", make sure they had two-factor authentication on any email account, and not use the same password across other accounts.
"As long as you've got things like that in place, it's going to be very hard for them to do anything," she said.
The Office of the Australian Information Commissioner has confirmed Pareto Phone had notified it of the data breach, and it is monitoring the situation.