Thousands of Australian charity donors have fallen victim to cyber-attacks after their personal details were published on the dark web.
In April, cyber criminals hacked Brisbane-based telemarketer Pareto Phone which provides services to more than 70 Australian charities.
These includes some of the country’s largest charities including the Cancer Council, the Fred Hollows Foundation, and Canteen have been affected by the data breach.
The personal information leaked to the dark web included phone numbers and email addresses of thousands of Australians.
In a statement, the Fred Follows Foundation said although it had ended the relationship with Pareto Phone for nine years, the telemarketer still kept the private details of 1,700 of its donors.
The charity said it was “deeply disappointed” by the incident.
“Under the Australian Privacy Principles, there is a requirement for personal information data to be destroyed or de-identified once it is no longer needed for the purpose for which it was collected,” it continued.
‘We’re Deeply Upset’: Canteen
Canteen, which provides help for young people struggling with cancer, said the breach had affected 2,600 of its donors whose personal details including name, data of birth, address, email and phone numbers were leaked.However, the charity had assured that no financial information had been leaked.
“We’re deeply upset that our supporters have been impacted by a data breach at Pareto Phone a company contracted by Canteen, and we have paused all activity with them,” he added.
“We understand that this will cause major concern for kind-hearted people who donate to support the 23,000 young people dealing with the immense challenges of cancer every year.”
Cancer Council confirmed the incident occurred saying it had cut ties with the telemarketer.
Cancer Council Australia CEO Professor Tanya Buchanan said the charity took its donors’ privacy seriously.
“We understand that this may be a concerning situation for anyone who has generously donated to Cancer Council, and we unreservedly apologise for any distress caused.”
In a statement on Wednesday morning, Médecins Sans Frontières (MSF) said its partnership with Pareto Phone had ended in 2018.
“We are currently working with Pareto Phone to understand the impact that this breach may have had. We are contacting any affected MSF supporters as soon as it is clear who has been affected and what information has leaked.”
According to ABC, Pareto Phone CEO Chris Smedley has apologised for the issue and said it was cooperating with forensic specialists to analyse affected files.
“We have not at this stage identified any identity documents such as tax file numbers, driver licenses and passports about any donor,” Mr. Smedley said.
Current Methods Of Customer Identification Are Flawed: Expert
Concerns about the current methods of customer identification and data retention have been raised by some security experts, including Philip Bos, who has over 30 years of experience in the industry and is the founder of privacy protection software company BlueKee.In an email to The Epoch Times, he said Australians currently hand over unnecessary personal information, “with no say over how it’s protected and who it’s shared with [or sold to].”
“This system is plagued by identity theft, fraud, and a lack of control over personal data - which has been highlighted by high-profile data breaches including this most recent example.”
“Enterprises collect vast amounts of personal and sensitive information within what we call ‘centralised’ data storage systems, creating a honey pot of data for attackers. So, every time you give your personal information to a third party – whether a business, government agency or person – you’re putting yourself at risk.”
Mr. Bos added that companies usually use the customers’ name, date of birth and address to identify them. However, this is “all the information that a hacker needs to steal to become you.”
“Think of the mildest of motor vehicle accidents – you exchange particulars and have now given away enough for the recipient to become you.”
Mr. Bos suggested that people should avoid providing more than necessary when doing a transaction request for information, for example, they should not disclose their home address when purchasing items online.