Welcome Back!
Last time you were here, you were looking to help vulnerable children and families. Your support can save and change lives.
Last time you were here, you were looking to help vulnerable children and families. Your support can save and change lives.
Since becoming aware of the incident, our team has worked closely with Pareto Phone and engaged our own external cyber security advisors to conduct a thorough and detailed investigation to determine what data has been impacted.
We are now notifying impacted individuals so that you can take action to reduce the potential impacts. We will work closely with our country programs to inform impacted sponsored children and their families, so they are aware of the breach and to remind them of online safety precautions. ChildFund Australia is disappointed that one of its previous partners suffered a cyber incident. We have been taking all reasonable steps to investigate the incident and protect our impacted individuals.
For more information, please contact the ChildFund Australia Supporter Relations team on 1800 023 600 or email info@childfund.org.au
Once aware of the unauthorised access to data, we understand Pareto Phone worked urgently to contain the threat and investigate. Pareto Phone also engaged external cyber security experts to assist with their response to the incident and is working with these experts to ensure the ongoing safety and security of its systems.
Pareto Phone prioritised data scans to identify whether payment card information (PCI) had been exposed. Pareto Phone notified ChildFund Australia on 11 August that no PCI information had been identified in ChildFund Australia files.
Pareto Phone reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) and has been cooperating with their investigations.
We remind our donors to remain vigilant and alert to any fraudulent or suspicious activity, particularly any scam activity from anyone purporting to be from ChildFund Australia. If you receive any communications from ChildFund Australia that you are unsure about, you can call us directly on 1800 023 600.
Pareto Phones have partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think you information may have been misused. IDCARE’s Case Managers will work with you to design and implement a tailored individual risk assessment and response plan.
IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers, please complete an online Get Help form at www.idcare.org or call 1800 595 160. Note that IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday excluding public holidays. When engaging IDCARE please use the referral code PAPHCH23.
You should always exercise good password practice (see here for some guidance from the Australian Cyber Security Centre: https://www.cyber.gov.au/protect-yourself).
Further general information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at
If you would like more information about how ChildFund Australia protects the personal information of our donors and supporters; please visit: Privacy Policy – ChildFund Australia
Upon being notified of the breach on 10 August 2023, our team has worked closely with Pareto Phone as well as engaged our own external cyber security advisors to conduct a thorough and detailed investigation to determine what data has been impacted.
This has meant determining the type of information accessed as well as the risk implications for our donors and supporters.
ChildFund Australia has never collected personal identification data such as passport numbers and drivers’ licenses from its supporters and donors. In addition, we are not aware of any Supporter financial information being involved in the incident.
There has also been no impact to ChildFund Australia’s systems.
Supporters who have been impacted by the breach are being directly notified via email.
If you have any questions, or believe you have been impacted, please contact the ChildFund Australia Supporter Relations team on 1800 023 600 or email info@childfund.org.au
The data obtained during the breach included contact details for our supporters during the 2014 to 2018 period; including email address, date of birth, mailing address, and information about child sponsorships with ChildFund Australia at this time. Phone numbers were not obtained.
Financial details such as bank accounts and credit card information have not been obtained. Also, as personal identity data such as passport numbers and drivers’ licenses are not collected by ChildFund Australia, this type of information was also not involved.
Our existing safeguarding procedures mean that the children involved in our sponsorship programs remain safe and no contact details of children were shared. However, it is possible that the details released in the breach could be used to make a convincing and targeted communication to you, posing as ChildFund.
The breach is limited to a subset of donors and their sponsored children, who supported ChildFund Australia between 2014 and 2018. A number of sponsored children were also impacted.
This breach does not affect any donors who have joined ChildFund Australia after 2018.
Pareto Phone provides phone and other services to Australian charities. This data was supplied so that Pareto could contact prospective supporters and existing donors about fundraising campaigns.
In 2018, ChildFund Australia ended its contract with Pareto Phone.
Pareto Phone are a telemarketing agency which specialises in charity fundraising. ChildFund Australia employed their services from 2014 to 2018.
On 10 August 2023, Pareto Phone notified ChildFund Australia that data belonging to ChildFund Australia had been impacted in a cyber incident that occurred in April 2023. ChildFund Australia were not notified by Pareto Phone in April as Pareto Phone were not aware of the extent of the breach. ChildFund Australia was one of over 70 charities impacted.