ChildFund NZ has issued a public notice regarding a cyber security incident involving their telemarketing partner, Pareto Phone Limited. This incident, which occurred in April of this year, resulted in unauthorized access to Pareto Phone’s systems by an unknown third party.
Unfortunately, the breach includes some personal contact information of donors, including those associated with ChildFund NZ, among 70 other charities affected. While no harm to donors has been reported so far, the organization is taking steps to provide information and ensure donors can take protective measures.
Frequently Asked Questions (FAQs) have been provided to address key concerns. The cyber incident was identified in August 2023, and Pareto Phone immediately engaged forensic experts to contain and investigate the breach.
Fortunately, there is no evidence of financial or banking information being accessed. The compromised data primarily includes donor contact information such as names, addresses, phone numbers, and reference numbers. ChildFund NZ has requested the deletion of all their information from Pareto Phone’s records once the investigation is complete.
Pareto Phone has taken swift action to contain the threat and engage external cyber security experts to ensure the ongoing safety of its systems. ChildFund NZ conducted a thorough check of its own systems and has not identified any cyber incidents or data breaches on its end.
While Pareto Phone has confirmed steps to remove personal contact information, they have retained impacted data for forensic purposes and legal obligations.
ChildFund NZ has reassured donors that their data is now safe for telemarketing fundraising, as they no longer use Pareto Phone but have stringent data protection policies in place with their current partner, Cornucopia. However, donors are advised to remain vigilant in case of fraudulent activity or scams related to their personal contact information.
