On 10 August 2023 we were informed that one of our previous service providers, Pareto Phone, experienced a cyber incident that impacted ChildFund Australia and over 70 charities across Australia.
Pareto Phone is a telemarketing company that provided phone and other services to Australian charities. ChildFund Australia engaged Pareto Phone’s services between 2014 and 2018.
In April 2023, Pareto Phone experienced a cyber incident which resulted in access to their systems by an unauthorised third party. Pareto Phone investigated the incident but could not tell what data may have been accessed by that third party at that time. Pareto Phone took steps to contain the incident and protect its systems from ongoing access.
On 8 August 2023, the unauthorised third party published (on its external dark web leak site) a listing of the data that it claimed to have obtained from Pareto Phone’s systems. On 10 August 2023 we were informed by Pareto Phone that ChildFund Australia and over 70 charities across Australia were affected by the cyber incident at Pareto Phone.
Subsequently on 14 August 2023, the unauthorised third party published the actual data on the dark web, but we understand the documents have only been accessible intermittently.
Since August, our team has been working closely with Pareto Phone and our own external cyber security advisors to conduct a further investigation into precisely what data has been impacted.
We deeply regret that some of our supporters’ information has been compromised by the breach of Pareto Phone’s systems and are notifying our valued supporters who have been affected by the recent cyber-attack.
Frequently Asked Questions
We remind our donors to remain vigilant and alert to any fraudulent or suspicious activity, particularly any scam activity from anyone purporting to be from ChildFund Australia. If you receive any communications from ChildFund Australia that you are unsure about, you can call us directly on 1800 023 600.
Pareto Phones have partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think you information may have been misused. IDCARE’s Case Managers will work with you to design and implement a tailored individual risk assessment and response plan.
IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers, please complete an online Get Help form at www.idcare.org or call 1800 595 160. Note that IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday excluding public holidays. When engaging IDCARE please use the referral code PAPHCH23.
You should always exercise good password practice (see here for some guidance from the Australian Cyber Security Centre: https://www.cyber.gov.au/protect-yourself).
Further general information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at
- https://www.cyber.gov.au/threats
- https://www.oaic.gov.au/privacy/your-privacy-rights/ways-to-protect-your-privacy
- https://www.scamwatch.gov.au/
If you would like more information about how ChildFund Australia protects the personal information of our donors and supporters; please visit: Privacy Policy – ChildFund Australia
Upon being notified of the breach on 10 August 2023, our team has worked closely with Pareto Phone as well as engaged our own external cyber security advisors to conduct a thorough and detailed investigation to determine what data has been impacted.
This has meant determining the type of information accessed as well as the risk implications for our donors and supporters.
ChildFund Australia has never collected personal identification data such as passport numbers and drivers’ licenses from its supporters and donors. In addition, we are not aware of any Supporter financial information being involved in the incident.
There has also been no impact to ChildFund Australia’s systems.
Supporters who have been impacted by the breach are being directly notified via email.
If you have any questions, or believe you have been impacted, please contact the ChildFund Australia Supporter Relations team on 1800 023 600 or email info@childfund.org.au
The data obtained during the breach included contact details for our supporters during the 2014 to 2018 period; including email address, date of birth, mailing address, and information about child sponsorships with ChildFund Australia at this time. Phone numbers were not obtained.
Financial details such as bank accounts and credit card information have not been obtained. Also, as personal identity data such as passport numbers and drivers’ licenses are not collected by ChildFund Australia, this type of information was also not involved.
Our existing safeguarding procedures mean that the children involved in our sponsorship programs remain safe and no contact details of children were shared. However, it is possible that the details released in the breach could be used to make a convincing and targeted communication to you, posing as ChildFund.