On 10 August 2023 we were informed that one of our previous service providers, Pareto Phone, experienced a cyber incident that impacted ChildFund Australia and over 70 charities across Australia.
Pareto Phone is a telemarketing company that provided phone and other services to Australian charities. ChildFund Australia engaged Pareto Phone’s services between 2014 and 2018.
In April 2023, Pareto Phone experienced a cyber incident which resulted in access to their systems by an unauthorised third party. Pareto Phone investigated the incident but could not tell what data may have been accessed by that third party at that time. Pareto Phone took steps to contain the incident and protect its systems from ongoing access.
On 8 August 2023, the unauthorised third party published (on its external dark web leak site) a listing of the data that it claimed to have obtained from Pareto Phone’s systems. On 10 August 2023 we were informed by Pareto Phone that ChildFund Australia and over 70 charities across Australia were affected by the cyber incident at Pareto Phone.
Subsequently on 14 August 2023, the unauthorised third party published the actual data on the dark web, but we understand the documents have only been accessible intermittently.
Since August, our team has been working closely with Pareto Phone and our own external cyber security advisors to conduct a further investigation into precisely what data has been impacted.
We deeply regret that some of our supporters’ information has been compromised by the breach of Pareto Phone’s systems and are notifying our valued supporters who have been affected by the recent cyber-attack.