Pareto Phone Telemarketer breached, info of thousands of donors to Australian charities leaked

Thousands of donors supporting Australian charities have had their personal information exposed on the dark web following a cyber attack on a telemarketer, Pareto Phone.

Pareto Phone collected donations from supporters of charities, and some charities have alleged that the company retained donor data without their knowledge after the contract had ended, potentially violating privacy laws.

The leaked data includes

• names,
• dates of birth,
• addresses,
• email addresses,
• phone numbers.

The incident has affected multiple charities, including Cancer Council, Canteen, and The Fred Hollows Foundation, which have confirmed that donor data was leaked. More than 70 Australian charities used Pareto Phone, but not all were impacted.

The Fred Hollows Foundation stated that 1,700 of its donors were affected, and the organization claimed that the data had been held without its awareness. The charity expressed disappointment, noting that data should have been destroyed or de-identified once it was no longer needed for its purpose.

Similarly, Médecins Sans Frontières (MSF) accused Pareto Phone of retaining data in breach of privacy laws, even though MSF had not engaged the company since 2018. MSF reported the breach to regulators and pledged to collaborate with them to safeguard donor data.

Canteen confirmed that 2,600 donors from 2020 and 2021 were impacted, with details including names, dates of birth, addresses, email addresses, and phone numbers released. The Cancer Council also severed ties with Pareto Phone, awaiting clarification on the extent of donor impact.