Notice to our supporters and donors
Cyber Incident – November 2022
In November 2022 The Smith Family experienced a cyber incident which affected some of our valuable supporters. If you believe you may have been affected, please contact us at SupporterCare@thesmithfamily.com.au
Cyber security is important to us. Please remain alert to any fraudulent or suspicious activity, particularly any scam activity from anyone pretending to be from The Smith Family or any other charity. If you have any concerns about communications you receive from The Smith Family please contact us at SupporterCare@thesmithfamily.com.au
Further general information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at https://www.cyber.gov.au/threats
Pareto Phone Cyber Incident – 26 September 2023
In 2016, The Smith Family engaged telemarketing company Pareto Phone for a short period of support on a fundraising campaign.
In August 2023, Pareto Phone advised The Smith Family that it had experienced a cyber incident which resulted in an unauthorised third party accessing its systems and some data relating to some of our donors had been published on the dark web.
The forensic investigation undertaken by Pareto Phone has now been finalised. Unfortunately, it has revealed that as a result of this incident, the personal information of some of our donors who were contacted during the fundraising campaign in 2016, and whose details were contained in one of Pareto Phone’s data files, were accessed by the unauthorised third party.
Pareto Phone has now confirmed that The Smith Family donor information accessed is the names, email addresses, suburb, state, postcode (as at 2016), and date of birth of each donor and the street/P.O Box address of some donors.
We understand that this will be concerning news, however we can confirm that no other personal data relating to the relevant donors from 2016 has been accessed.
The Smith Family is taking steps to notify those donors whose details were accessed during this incident and to support them. We are also providing information on the steps they can take to be cyber safe and alert to any fraudulent or suspicious activity.
We are taking this matter extremely seriously and we sincerely apologise for any distress or concerns this news may cause. If donors have any questions, please contact us at SupporterCare@thesmithfamily.com.au.
We will continue to keep our donors informed on a timely basis if we receive any further updates from Pareto Phone relating to this matter.
Pareto Phone has reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
The Smith Family confirms that there has not been any direct impact to The Smith Family's systems as a result of this matter affecting Pareto Phone.
Further Questions
Have I been affected?
We are contacting the Smith Family donors who have had some of their data exposed through Pareto Phone’s cyber incident. If you have been affected, you will receive correspondence from us notifying you of the issue.
How can I get help?
We understand that for some supporters, this may cause distress or uncertainty. Pareto Phone has engaged IDCARE, Australia’s national identity and cyber support community service, to extend their specialist Case Management services to our supporters, at no cost.
IDCARE Case Managers can work with you to explore any concerns you have about your personal information exposure. IDCARE Case Managers are available Monday to Friday from 8am to 5pm (AEDT) and a preferred time can be booked online via their Individual Get Help Form at idcare.org/contact/get-help or by calling 1800 595 160.
Please note that because of current volumes the preferred method of engaging IDCARE is via their online booking form. Please use the referral code PAPHCH23 when booking a time to ensure your matter is prioritised.
What data was taken?
The limited set of The Smith Family donor data includes the names, suburb, state, postcode, email addresses (as given in 2016) and date of birth. In some instances the street/P.O Box address of a donor was also accessed.
No payment details or credit card numbers were accessed, and The Smith Family does not store that information in our systems.