Stroke Foundation has been made aware of a recent data breach suffered by Pareto Phone Pty Ltd (Pareto Phone), a former fundraising service provider that Stroke Foundation last worked with in 2017.

Stroke Foundation’s own networks and servers have not been affected in any way.

The Pareto Phone data incident itself occurred in April 2023, however, it was only brought to our attention on 8 August 2023. Pareto Phone informed us on 14 August 2023 that the unauthorised party had published some of the information on the dark web on that day. Further information provided by Pareto Phone on 22 August 2023 allowed us to confirm that some of our donors’ information was involved.

We deeply regret any inconvenience or concerns this incident may cause our incredible community of survivors of stroke and their families, supporters, and donors. Please be assured that protecting your privacy and information is our priority, and we are taking this matter extremely seriously.

Stroke Foundation’s own networks and servers have not been affected in any way. We have reported Pareto Phone’s data incident to the Office of the Australian Information Commissioner.

Investigations conducted to date indicate that no government identification documents, bank account, credit card or financial information was contained in the Stroke Foundation files held by Pareto Phone. The information which may have been accessed appears to be limited to names, addresses, phone numbers, email addresses and in some cases date-of-birth.

We are in the process of contacting individuals affected.

We want to reinforce that our own systems have not been compromised, and we implement stringent security measures and practices to safeguard all stakeholder data. It’s very important to us that we protect our community.

We will continue to seek regular updates on this incident and will communicate updates.

Our supporters and the Australian community are at the heart of everything we do. We deeply regret any concerns this incident may raise and want to assure you that we are fully committed to offering any necessary assistance and guidance.

If you have any questions or concerns, our dedicated supporter relations team are here to help, please do not hesitate to get in contact by calling 1300 194 196 or via email at ceo@strokefoundation.org.au.

Frequently Asked Questions (FAQs):

What is PII and PCI data?

PCI refers to Payment Card Information and PII is Personal Identifiable Information. In this circumstance, Personal Identifiable Information that has potentially been accessed are Names, Addresses, Phone Numbers, Email Addresses, and date-of-birth data. No health data, government identification documents or PCI or financial information was collected by Pareto Phone.

Why has it taken so long to find this out?

Stroke Foundation was notified on 8 August 2023 by a third party (not Pareto Phone) and has taken immediate action to ascertain from Pareto Phone which data has been accessed. We want to ensure that our supporters and donors are provided with accurate and timely information and are working quickly to respond. Pareto Phone provided the data released to us on 22 August 2023 and we have done all we can to notify those identified as soon as practical.

Is the Office of the Information Commissioner aware and what support is government providing?

Stroke Foundation has informed the Office of the Australian Information Commissioner.

What support can I access?

We are taking this matter very seriously and we understand you may want to know more. Donors seeking more information about this incident and how they may have been affected, can send an email to ceo@strokefoundation.org.au or phone 1300 194 196.

Individuals affected may now be at higher risk of scams. Therefore, we encourage you to be vigilant about unknown individuals contacting you by phone, text or email. With the personal information accessed, scammers contacting individuals may appear more legitimate. Learn how to spot a scam and be prepared: visit cyber.gov.au for the latest Australian Government advice on protecting your identity. Their webpage at cyber.gov.au/learn-basics/explore-basics/recognise-and-report-scams includes advice on recognising scams.  

We have partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think you information may have been misused. IDCARE's Case Managers will work with you to design and implement a tailored individual risk assessment and response plan.

IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers, please complete an online Get Help form at www.idcare.org or call 1800 595 160. Note that IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday excluding public holidays. When engaging IDCARE please use the referral code PAPHCH23.

How do I get in contact with the Stroke Foundation? How do I make a complaint?

You can send an email to ceo@strokefoundation.org.au or phone 1300 194 196. Stroke Foundation takes complaints very seriously; these can be submitted via our website in the contact us section or via the email ceo@strokefoundation.org.au.

How does Stroke Foundation protect my data?

Stroke Foundation ensures we have appropriate policies, infrastructure, and systems in place to protect the data of our community of survivors of stroke, volunteers, supporters and donors. We respect the privacy rights of all individuals and are committed to ensuring that we comply at all times with our obligations under the Privacy Act 1988 (Cth) and other applicable privacy laws.   You can access our privacy policy and information on our website which is kept up-to-date.

Why did Pareto Phone not delete the data?

We have queried why Pareto Phone held donor data after the conclusion of a campaign. Pareto Phone has not provided a clear answer as to why they did not delete Stroke Foundation data after such a long period of time, and we are pursuing this matter with them.

How can I contact Pareto Phone?

Pareto Phone can be contacted by calling 07 3015 4000 or by emailing info@paretophone.com. If you have questions regarding your Stroke Foundation relationship, it is best to speak with Stroke Foundation’s supporter relations team by calling 1300 194 196 or emailing ceo@strokefoundation.org.au.

Why do charities utilise third party (external) agencies to assist with fundraising and operational services?

Many charities utilise third party (external) agencies to assist with the conduct of activities on their behalf.

Partnering with an external agency can be a very cost-efficient way for charities to raise funds and/or administer operational matters, while allowing it to focus its own energy and expertise on its charitable purpose. For Stroke Foundation, that mission is to prevent stroke, save lives and enhance recovery.

By partnering with an external agency, our internal staff can focus on other critical tasks that require their specific expertise, such as developing new initiatives, refining our services, and engaging in deeper interactions with our caring and generous donors.

This also allows us to streamline our operations and maximise the impact of our efforts across various areas of our organisation. Rest assured, we are continuously evaluating our strategies to make sure we are using our resources in the most effective and efficient way.

Stroke Foundation’s Privacy Policy discloses its relationship with third parties. The policy is available on our website.