If you have donated to an Australian Charity, you might have donated more than just money in this recent data breach. Thousands of donors to Australian charities have had their personal information stolen after a telemarketing company suffered a data breach. Pareto Phone is a telemarking company collecting donations on behalf of over 70 Australian charities. The stolen data has been published on the dark web and it includes full names, date of births, addresses, email addresses and phone numbers. There’s no financial information published and forensic specialists are analysing to determine if any identity documents such as tax file numbers, driver licenses and passports were impacted. What is deeply concerning about this breach is the amount of data Pareto Phone has retained without the charities’ knowledge. One charity has alleged that the company has retained nine-year-old documents without its knowledge. This would be a breach of the privacy act which requires personal information data to be destroyed or de-identified once it is no longer needed for the purpose for which it was collected. Another charity had similar concerns and claimed that they had not worked with the telemarketing company for almost five years. Pareto Phone had informed the regulators, the Office of the Australian Information Commissioner (OAIC) and the NZ Privacy Commissioner of the data breach.
This segment was created for the It’s 5:05 podcast