Just months after suffering a major data breach that impacted tens of thousands of charity donors, Brisbane-based telemarketer Pareto Phone has collapsed – leaving more than 100 workers out of a job.
Until recently, Pareto Phone served as a third-party tele-fundraising supplier that called supporters and collected donations for dozens of Australian charities.
In April, the company found itself at the centre of a cyber incident which resulted in tens of thousands of donors’ personal information being leaked to the dark web – including dates of birth and contact details.
Now, much of the company’s online presence has vanished, with its website, phone number, Google business profile and social media page on LinkedIn currently deactivated.
Approximately six months on from the attack – which impacted such charities as The Cancer Council, The Fred Hollows Foundation, Médecins Sans Frontières (MSF) and more – Pareto’s sudden collapse has left its staff shocked and waiting for answers.
As reported by the ABC, Pareto workers were abruptly told on Thursday they no longer had a job.
“They didn't give any of the longest-serving employees a heads up about it,” an anonymous ex-employee told the ABC.
“It's pulled the rug out from under their feet."
Furthermore, it was later found sensitive employee information had also been leaked during the attack – including police checks, child support documents, HR incidents, immigration sponsorship details, COVID-19 vaccination credentials, and notably, tax file numbers, passports, and licences.
At the time of writing, Pareto has reportedly neglected to contact ex-employees about whether their details were exposed during the hack.
The company is currently under investigation by Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), amid accusations the company failed to meet Australian privacy standards.
In August, when charities were told their supporters were affected by the data breach, many companies expressed surprise and disappointment over how long Pareto had held onto their data.
“MSF has not worked with Pareto Phone for almost five years,” said an MSF spokesperson.
"Under the Australian Privacy Principles, organisations must take reasonable steps to destroy personal information data that is no longer required.”
Furthermore, an ex-employee told the ABC Pareto’s data-handling practices were notably lacking, stating a client would send through “millions of rows of data” which she didn’t remember “being removed” from the system during her employment.
If privacy laws were indeed breached, Pareto could face a maximum penalty of $50 million.
Pareto and its parent company Merchant Place did not respond to Information Age’s request for comment.