Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April.
As a result, thousands of Australians' information has been leaked to the dark web.
Here's what we know so far.
What charities have been affected by the Pareto Phone data breach?
We only know about three so far:
- The Cancer Council
- Canteen
- The Fred Hollows Foundation
Those three charities have confirmed donor information has been published on the dark web.
But it's unclear how many more have been caught up in the breach.
The ABC understands more than 70 Australian charities used Pareto Phone, but not all have been affected.
What information was taken in the Pareto Phone data breach?
It's unclear at this stage.
Canteen says no financial information has been leaked.
But it says some donors' full names, dates of birth, addresses, email addresses and phone numbers have been leaked.
The Fred Hollows Foundation has told the ABC that, based on what it's been told by Pareto Phone, the compromised data "does not involve financial, credit card or bank account information".
Meanwhile, the Cancer Council says it is "still waiting for Pareto Phone to provide us with clarity on how many of our donors' data and what kind of data has been breached".
"We have not at this stage identified any identity documents such as tax file numbers, driver licences and passports about any donor," Pareto Phone CEO Chris Smedley said.
How many people have been affected by the Pareto data breach?
At least 4,300.
But we don't know for sure yet, because it's unclear how many charities have been affected.
Here's what we do know based on what charities have told us:
- Canteen: 2,600 donors from 2020 and 2021
- Fred Hollows Foundation: 1,700 of its donors between 2013 and 2014
- The Cancer Council: A "very small number" of donors, but the charity says it's still waiting on Pareto Phone to clarify the number of people affected
What is Pareto Phone doing about the data breach?
The company is working "urgently" with forensic specialists to analyse affected files, Pareto Phone's chief executive Chris Smedley says.
He says the company is continuing to make calls for charities and is committed to protecting information held on their behalf.
What has the government said about the data breach?
The Australian Signals Directorate's Australian Cyber Security Centre "stands ready to offer technical advice and remediation as required", a Department of Home Affairs spokesperson said.
They described the cyber attack as "deeply concerning".
"Australia's charities are an important part of our community and do critical work improving people's lives," the spokesperson said.
"This incident shouldn't stop you from donating to charities."
Could it get worse?
Potentially, yes.
The ABC understands more than 70 Australian charities used Brisbane-based Pareto Phone, but not all had been affected.
There is a risk more data could be published, since there had been four months between the attack and the leak, Paul Haskell-Dowland, a professor of cybersecurity practice at Edith Cowan University, said.
"The publication of the data on the dark web doesn't necessarily mean that it's all of the data that the criminals hold," he said.
"If you are looking to get maximum effect, following with this set of data, you may well release particular sets of information to reinforce the fact that you have the data … like a proof of life in a kidnap case," Professor Haskell-Dowland said.
How do I know if my data has been leaked?
Two of the three charities currently affected have confirmed they've reached out to donors caught up in the data breach.
You can also use the HaveIBeenPwned website and check to see if your mobile number and email address have appeared in recorded data breaches.
It'll instantly tell you if your details have been exposed in known unintentional breaches or pastes — where information has been posted to a public website.
But you have to subscribe if you want to see if you're caught up in sensitive breaches.
The free website is run by Australian cybersecurity professional Troy Hunt and draws on a database of known leaked data.
But even if nothing comes up in this search, it doesn't necessarily mean your data hasn't been accessed.
My data has been breached. What do I do now?
There is no evidence at the moment that the Pareto Phone leak involved financial, tax-related or government identity document information.
But it's still a stressful experience to have your contact information such as home address, email or phone number leaked. Here are some steps you can take to mitigate the fallout:
- Change your email account passwords: If you've emailed yourself passwords, change those too
- Enable multi-factor authentication where possible: Most email providers offer two-factor authentication that double-checks with you that your sign-ins are legitimate
- Take care with emails and phone calls: If your contact information is in the public sphere, you may be targeted by scammers. Do not share your personal information with anyone until you are certain about who you are sharing with
The National Cyber Security Coordinator had been notified of the Pareto breach but you can also report cybercrimes and security incidents through the federal government's ReportCyber portal.
2023-08-23 02:24:47Z