Most Australian charities rely on third parties to assist with fundraising across a variety of channels and World Vision Australia utilised Pareto Phone to test fundraising campaigns most recently between 2015 and 2018. We can confirm World Vision has not used Pareto Phone since then.

Like many charities, World Vision Australia balances internal and external fundraising teams to ensure we generate maximum exposure and keep our fundraising costs down to help deliver impact to the world's most vulnerable children. Our third-party fundraisers are an extension of our team and are required to follow World Vision Australia’s privacy and data security policies.

Pareto Phone provides tele-fundraising services to numerous Australian charities and experienced a cyber security incident which resulted in unauthorised access to their systems.

Pareto Phone detected unauthorised access to their IT systems in April 2023. In August and October 2023, Pareto Phone became aware of specific data files that may have been accessed by the unauthorised party and only then did they notify World Vision Australia and many other charities. This prompted us to engage with Pareto Phone to understand the incident in detail so we could conduct our own immediate and thorough investigation once sufficient information had been provided to us. World Vision Australia is one of numerous Australian charities affected by this cyber incident.

No, World Vision Australia last utilised Pareto Phone to test fundraising campaigns from 2015-2018 and ceased activity with them soon after. We can confirm World Vision Australia has not used Pareto Phone for several years.

After the relationship with Pareto Phone ended, World Vision Australia requested confirmation from Pareto that they had deleted all supporter data as required by our contract with them. We received confirmation from Pareto in 2019 that all World Vision supporter data had been deleted from Pareto’s systems. Therefore, we were deeply disappointed to recently learn Pareto Phone had not honoured our instruction to delete all World Vision data.

No, this was a breach of Pareto Phone’s systems. There was no breach of World Vision Australia’s systems. At World Vision, we prioritise the security of our supporter data and the prevention of cybercrime. We have put in place a comprehensive set of measures to ensure the protection of the information our supporters have entrusted to us.

Our dedication to preventing cybercrime and safeguarding supporter data remains resolute. We consistently monitor the evolving threat landscape and adjust our security measures accordingly. Through the implementation of robust systems and best practices, our goal is to offer our supporters a secure environment for their interactions with World Vision. For more information, you can visit our Privacy Policy here.

World Vision Australia uses supporter data for the purpose it was collected, to help you make a difference, and to tell you about how your support is helping vulnerable children, families and communities. Importantly, we never rent, sell or exchange your personal information without your consent.

For more information, you can visit our Privacy Policy here.

The breach affected many charities and organisations. You will need to contact them for further information if they have not already reached out to you. You may also wish to check if they have published a statement on their website.

We are deeply saddened by the impact this has had on our supporters and are committed to offering assistance and guidance. We encourage all our supporters to remain vigilant and be alert to potential phishing emails and telephone calls from anyone requesting your personal details as a precautionary measure and avoid opening attachments from unknown senders on any virtual platform. You may also wish to install anti-virus software and keep it updated, as well as applying recommended software patches from operating system and software providers.

We encourage you to follow the Australian Competition and Consumer Commission’s Scamwatch guidance for protecting yourself from scams here https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.

For more information, you can visit the Office of the Australian Information Commissioner for tips on protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.

We have partnered with IDCARE, Australia’s national identity and cyber support community service. They have expert case managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused. IDCARE's case managers will work with you to design and implement a tailored individual risk assessment and response plan. 

IDCARE’s services are at no cost to you. If you wish to speak with one of their expert case managers, please complete an online Get Help form at www.idcare.org or call 1800 595 160. Note that IDCARE specialist case managers are available from 9am-5pm AEST Monday to Friday excluding public holidays. When engaging IDCARE, please use the referral code PAPHCH23. 

IDCARE also have fact sheets on how to prepare, prevent, detect and respond to cyber security concerns.

The World Vision Australia supporter data that may have been compromised does not include any credit card or banking information. However, personal information that may have been accessed includes your name, date of birth, address, postcode, phone number, and email address.