Major Data Breach Exposes Thousands of Australian Charity Donors

Kamso Oguejiofor, Writer

In a significant cybersecurity incident, the personal details of over 50,000 Australian charity donors have been leaked on the dark web. The breach, which occurred in April, has been linked to third-party fundraiser Pareto Phone, a company responsible for collecting donations on behalf of numerous charities.

Several high-profile charities, including The Cancer Council, Canteen, and The Fred Hollows Foundation, have confirmed the breach of their donor data through Pareto Phone. While the exact nature of the compromised data varies, it generally includes full names, dates of birth, addresses, email addresses, and phone numbers.

The ABC reported that the breach also involved the theft of credit card data from some charities. PLAN International, a girls’ equality charity, was the first to disclose that credit card details of 8,000 supporters, dating back to 2009, had been leaked. However, they confirmed that all stolen credit card details had already expired.

Interestingly, some of the exposed data dates back up to 15 years. This revelation has raised concerns about the retention of historical data, with some charities alleging breaches of the Australian Privacy Principles regarding the destruction of old data.

Despite the magnitude of the breach, the Office of the Australian Information Commissioner (OAIC) has not initiated a formal investigation into Pareto Phone. Instead, it has stated that it is “monitoring” the situation. This comes amidst revelations that the OAIC has never fined a company for a serious data breach, even after the introduction of severe penalties last November, which can go up to $50 million.

“If there’s no penalty for keeping this data and then being breached, then companies in Australia aren’t going to change that,” cybersecurity expert Professor Nigel Phair said, emphasizing the need for the privacy commissioner to utilize their powers and enforce penalties.

Pareto Phone’s CEO, Chris Smedley, expressed regret over the breach and stated that the company is working with forensic specialists to analyze the affected files. “We have not at this stage identified any identity documents such as tax file numbers, driver licenses and passports about any donor,” Smedley said.

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.
