Pareto Phone have advised that some personal information from MSF donors has been compromised in this data breach, which also affects many other charities in Australia and New Zealand.
This is an evolving situation and we are currently working with Pareto Phone to understand the impact of this breach. We are contacting any affected MSF supporters as soon as it is clear who has been affected and what information has leaked.
Under the Australian Privacy Principles and the New Zealand Information Privacy Principles, organisations must not keep personal information for longer than is required for the purposes for which it was lawfully collected and used. MSF has not worked with Pareto Phone for almost five years and we were not aware that Pareto Phone had retained this historical data.
Pareto Phone has informed regulators, notably the Office of the Australian Information Commissioner (OAIC) and the NZ Privacy Commissioner of their data breach. MSF will also work with these regulators to ensure that all necessary action is taken to protect donor data.
Please note that MSF’s own systems have not been impacted by this incident in any way. MSF is committed to our continued secure storage of all supporter data, and we are treating this incident with the highest priority. We have taken several steps in response to this third-party leak, including requesting Pareto Phone delete all MSF supporter data. They have confirmed that this has been done.
We are also following up with other third-party suppliers to ensure they don’t have MSF supporter data that they are not legally entitled to have.
MSF Australia’s full Privacy Policy is available here: https://msf.org.au/privacy-policy-full, and MSF New Zealand’s Privacy Policy is available here: https://msf.org.nz/privacy-policy.
Please contact [email protected] if you would like more information.
Note: An earlier version of this statement said that the MSF data related to 2012-2015. We are continuing to monitor the time period involved as we receive new information from Pareto.