Dark Web Data Breach Shakes Australian Charities
In the digital age, privacy has become a major concern as data breaches continue to occur at an alarming rate. Two Australian charities have come forward and claimed that over 50,000 Aussies have had their banking information posted all over the dark web, with another 68 charities being discreet regarding the disaster that has occurred with charity donation collector, Pareto Phone.
ABC has revealed that other details besides victims' banking information have been shared on the dark web. Including home addresses, and dates of birth. It is believed that there may be more than 50,000 Australians with compromised personal details as only a fraction of the charities targeted have come forward. More than 70 charities have been involved in the tele-fundraiser hack. Some of the stolen data was up to 15 years old, with a handful of those charities notifying the privacy watchdog of alleged breaches of Australian Privacy Principles around the destruction of old data. Despite the situation, the Office of the Australian Information Commissioner (OIAC) said it has not commenced an investigation into the Pareto Phone hack but that it is "monitoring" the situation.
The ABC has also revealed that the federal agency has never fined a company for a serious data breach. Although the Australian Information Commissioner’s (OIAC) enforcement act has introduced new penalties for organisations who do not follow cybersecurity privacy and safety protocols, no company in Australia has been issued a fine since the amendment of cybersecurity protocols almost a year ago, including the infamous Optus and Medibank hacks that took place last year.
Cyber experts say without enforcing penalties, companies will continue to fail in privacy and safety for their consumers. Nigel Phair, a cybersecurity expert, said the penalties and powers of the agency are adequate, but that the privacy commissioner needs to use them. "It's time for the privacy commissioner to sort of use these powers and we need to get organisations of all shapes and sizes in Australia to take the collection, the storage, and hopefully the deletion of personal data seriously," Professor Phair said. "If there's no penalty for keeping this data and then being breached, then companies in Australia aren't going to change that."
What charities have been affected by the Pareto Phone data breach?
WWF: 20,500 donors from between 2012 and 2022
Australian Conservation Foundation: 13,500 donors from 2013 to 2021
PLAN: 8,000 donors, data from 2009
The Heart Foundation: 4,600 donors from 2008
Canteen: 2,600 donors from 2020 and 2021
Fred Hollows Foundation: 1,700 donors between 2013 and 2014
Amnesty International Australia: 1,500 donors
The Cancer Council: A "very small number" of donors they stated
The Children's Cancer Institute: The charity has said "the files affected were internal administrative files only,” the amount stolen has not been confirmed.’
Médecins Sans Frontières: to be confirmed by the charity, it is believed that personal details and bank details from 2012 to 2015
Save the Children: charity is working to confirm affected donor numbers
Bush Heritage Australia: data accessed from 2012 to 2014, no financial information was included
Vision Australia: no details provided yet
A data breach not only affects the affected individuals but also damages the company's reputation and bottom line. Privacy watchdogs play an essential role in protecting consumers' personal information and holding companies accountable for protecting sensitive data. Businesses must work closely with these watchdogs to ensure they're complying with privacy laws and regulations.
In conclusion, the privacy breach involving the Canadian telemarketing firm underscores the vulnerability of sensitive information stored by companies and the importance of privacy watchdogs. Companies must prioritise data protection and work with privacy commissioners to prevent future breaches. Consumers must also be vigilant and take steps to protect their data to prevent identity theft and fraud.
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.