Thousands of generous Australians have had their personal information stolen in yet another hacking crime.
Ruthless cyber criminals have targeted Pareto Phone, a Brisbane-based fundraising company. The thieves stole details such as email addresses and phone numbers of thousands of charity donors, before leaking the information on the dark web.
Pareto Phone has collected donations on behalf of more than 70 of Australia’s biggest charities, such as Cancer Council and The Fred Hollows Foundation.
Despite the attack happening in April, charities said they were only told about it recently.
The news comes as more and more Australians fall victim to scammers. According to Scamwatch, in July 2023 alone more than $42m was stolen in scam attacks.
“We understand that this may be a concerning situation for anyone who has generously donated to Cancer Council, and we unreservedly apologise for any distress caused,” a statement from the charity said.
Some of the charities claimed that Pareto Phone had held onto customers’ personal information long after they had stopped working together, going against data regulations.
“We worked with Pareto Phone only during 2013 and 2014. We were not aware our data was still held by them,” a spokesperson for the Fred Hollows Foundation said.
“Under the Australian Privacy Principles, there is a requirement for personal information data to be destroyed or de-identified once it is no longer needed for the purpose for which it was collected.”
Pareto Phone, which describes itself as ‘the industry leader in charity telefundraising in Australia and New Zealand’, could not be reached for comment.
In a statement to the ABC, company CEO Chris Smedley apologised for the breach but would not comment on the allegation from The Fred Hollows Foundation.
Several of the charities involved in the leak were working with Pareto Phone to establish exactly how many of their customers had been affected.
There is no suggestion at this stage that bank details and other financial information was stolen in the attack.