We have recently been made aware of a data breach by a third-party organisation we last engaged more than eight years ago called Pareto Phone, which conducts fundraising campaigns on behalf of charities.
Pareto Phone has advised us that some personal information from a small number of our donors has been compromised in this data breach, which also affects many other charities in Australia and New Zealand.
We understand that these events may cause anxiety for some of our supporters and we apologise unreservedly. Please note that our own data storage systems have not been impacted by this incident in any way. We are committed to the continued secure storage of all supporter data, and we are treating this incident with the highest priority.
Whilst we understand the breach relates to data from 2010 and that the risk is very low, we are concerned and dismayed that the personal information of a small number of our valued supporters has been compromised. We have worked closely with our own cyber security analysts to understand the extent of the breach and we are making every attempt to contact those donors who have been impacted.
We are extremely concerned about this breach, particularly considering that the data was held for so long and that many other charities are also impacted. We understand that this breach has been referred to the Office of the Australian Information Commissioner and the NZ Privacy Commissioner.
We have taken several steps in response to this third-party breach, including requesting Pareto Phone deletes all our supporter data. Our cyber security analysts are also working with Pareto Phone to understand how this happened, and why data was held so long without our knowledge. We will not be working with Pareto Phone again.
