Cybercriminals are on the prowl. In April 2023, they hacked Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors for charities. This hacking led to information about thousands of potential donors being leaked onto the dark web and affecting nearly 4,300 people. The charities affected by the hacking incident are as follows:
The Cancer Council
Canteen
The Fred Hollows Foundation
In fact, the above-mentioned charities have confirmed that their donor information has been published on the dark web. Although there is no confirmation of the number of charities caught up in the criminal act, the ABC has put the figure close to 30 percent. The cyber attack has brought into sharp focus the need for consulting cybersecurity services, such as Cybernetic Global Intelligence.
Type of Information Stolen
The three charities have responded by stating that financial information has not been breached. However, important business information did get leaked in the cyberattack. According to Canteen, information such as donors’ names, dates of birth, addresses, email addresses, and phone numbers got compromised. On the other hand, the Fred Hollows Foundation denied any leak of its financial, credit card, or bank account information. The Cancer Council stated that it still awaits for Pareto Phone to give information about the data breach.
The CEO of Pareto Phone, Chris Smedley, revealed that they could not find identity documents about any donor with information such as drivers’ licences, tax file numbers, and passports. According to Ravin Prasad, CEO of Cybernetic Global Intelligence, one of the leading globally accredited cybersecurity support services, strengthening the cybersecurity architecture is of prime importance to ward off cyberattacks.
Action Taken by Pareto Phone About the Data Breach
As per Chris Smedley, Pareto Phone is liaising with forensic experts on an urgent basis to analyse the affected files. The company is continually making calls for charities as before and is working to protect the latter’s information.
The cyber attack has raised the hackles of the Australian Signals Directorate’s Cyber Security Centre, which has offered to give any type of technical advice and remediation. The department has termed the incident deeply concerning and has appealed to people not to stop donating to charities. Paul Haskell-Dowland, the professor of cybersecurity practice at Edith Cowan University, stated that the situation could potentially get worse with more data being published. He also stated that the publication of such data on the dark web does not necessarily mean every piece of data is being held by criminals.
How Can Someone Know If His or Her Data Has Been Leaked?
Even though the charities affected by the cyberattack have reached out to donors to assuage them, one can use the website https://haveibeenpwned.com/ to check whether his or her email address and mobile number have been leaked. The website will tell if such personal details have been exposed. Incidentally, the website is run by Troy Hunt, an Australian cybersecurity professional. It is run using a database of known leaked data. If no data shows up on the website, it is not necessarily a validation that the data has not been accessed. In the event that someone’s data has been breached, he or she can take the following steps to mitigate the fallout.
Change the passwords for email accounts.
Enable multi-factor identification and authentication wherever feasible.
Not share any personal information until absolutely sure about the person.
How Do Businesses Thwart the Risk of Cyber Attacks?
With increased pace of digitisation, the risk of cyberattacks is on the rise. Business enterprises should stay one step ahead of any such attacks by assessing their risk profile and working towards strengthening it. To bolster their cybersecurity stance, they may consider the following steps:
Strengthening Security: This involves implementing robust password policies, utilising multi-factor authentication, and keeping software up-to-date.
Addressing Vulnerabilities: Regularly scanning networks for weaknesses and promptly patching any identified security flaws. In doing so, they may seek IT security consulting from one of the top cybersecurity companies, Cybernetic Global Intelligence.
Workforce Training: Employees should receive training on how to recognise and report phishing emails, social engineering attacks, and other cybersecurity threats.
Compliance with Industry Regulations: Adherence to relevant industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS), is essential.
In cases where a business lacks the resources or expertise to establish and maintain a robust cybersecurity programme, enlisting the services of a consulting cybersecurity firm like Cybernetic Global Intelligence can be advantageous. As a globally accredited cybersecurity provider, Cybernetic Global Intelligence offers a comprehensive range of services to help businesses enhance their cybersecurity threshold and respond to cyberattacks with alacrity. These services encompass:
Managed Security Services: Providing continuous monitoring and threat analysis to enable 24/7 detection and response to cybersecurity threats.
ISO 27001 Certification: Assisting businesses in obtaining ISO 27001 certification, an internationally recognised standard for information security management.
Risk Assessments and Security Audits: Identifying and mitigating known cybersecurity risks and vulnerabilities through thorough assessments and audits
Red Team Testing: Simulating cyberattacks to uncover weaknesses in a company’s cybersecurity infrastructure.
PCI Compliance Consulting: Guiding businesses to achieve PCI compliance, a critical requirement for those accepting credit cards.
Penetration Testing: Identifying and addressing vulnerabilities that cybercriminals could potentially exploit.
Conclusion
Business enterprises worldwide, especially in Australia, have become vulnerable to cyberattacks. Ravin Prasad, CEO of Cybernetic Global Intelligence, underscores the need for businesses to fortify their cybersecurity architecture. They can do so by engaging top-tier cybersecurity companies like Cybernetic Global Intelligence. For more information on safeguarding your business against potential cyber attacks, reach out to us at 1300 292 376 or send an email to contact@cybernetic-gi.com.