Pareto Phone

Primary URL: paretophone[.]com[.]au
Location: Australia
Industry: Communications
Profile

Pareto Phone operates as a telemarketing service provider for the Australian non-profit sector, managing donor engagement and fundraising activities on behalf of various charities. The company's core function involves handling substantial volumes of sensitive personal information, including full names, dates of birth, addresses, and contact details, collected from donors over extended periods. Its client portfolio includes prominent national charities such as the Fred Hollows Foundation, Canteen, Cancer Council, and Médecins Sans Frontières, indicating a significant footprint within the Australian charitable fundraising landscape. The nature of its services necessitates the long-term storage of historical donor data, a practice that became a central issue following a major security incident. By acting as a third-party data processor, Pareto Phone holds considerable responsibility for the security and retention management of personal information belonging to the beneficiaries of its charity clients.

In March 2023, Pareto Phone suffered a ransomware attack attributed to the LockBit group, which resulted in the exfiltration and subsequent publication of a decade's worth of donor data on the dark web. The breach compromised the personal details of individuals who had donated to multiple Australian charities, though financial information was not accessed. This incident exposed critical deficiencies in the company's data retention policies, as several affected charities were unaware that historical donor records remained stored. The fallout prompted public criticism regarding inadequate data stewardship and highlighted the broader vulnerability of non-profit organisations to sophisticated cyber threats targeting third-party vendors. The event has since been cited in advocacy efforts calling for enhanced cybersecurity resources and support specifically for the charitable sector, underscoring the systemic risks associated with outsourced data management.

Incidents
1 incident