Notification per privacy act sections 26WK & 26WL

In August 2023, Médecins Sans Frontières Australia (MSF) was notified by a previous third-party telefundraising supplier, Pareto Phone Pty Ltd (Pareto), that Pareto had suffered a data breach event. MSF engaged Pareto Phone for some years, up to 2018. 

Pareto advised that the incident involved a ransomware attack that allowed the extraction of data, including personally identifying information (PII), from Pareto's business.  

MSF has notified the OAIC and will work with regulators to ensure that all necessary action is taken to protect donor data.

MSF’s own systems have not been impacted by this incident in any way. MSF is committed to the continued secure storage of all supporter data, and we are treating this incident with the highest priority. We have taken several steps in response to this third-party leak, including requesting and receiving confirmation that all MSF supporter data has been removed from Pareto servers.  

We have contacted any impacted supporters where a valid email address and/or postal address is available and provides this notification in all other instances.

MSF’s analysis of the data confirms that affected supporters have generally encountered exposure of two or three of the below data points only, with most common being a supporter’s first and last name, and either an email address or a telephone number: 

  • First and Last name
  • Email address  
  • Telephone number
  • Mailing address
  • Bank account details (predominantly masked)
  • Credit Card details (predominantly masked)
  • Date of Birth 

If you would like further information regarding the breach, you can contact our Supporter Relations team at [email protected]. at any time.  

Additionally, we recommend taking the following precautionary steps to protect your data from the risk of theft, fraud or other scams, including: 

  1. Verifying the legitimacy of communications by authenticating the senders or callers (this includes checking email names and domains)
  2. Not opening links that look suspicious. If unsure about a link sent by a company, go to the company’s website and look for the product or service that was offered
  3. Being alert to phishing scams. This includes scams that target a person through post or email. Phishing scams are attempts by scammers to trick people into providing their personal information passwords, credit card numbers and/or sensitive personal information
  4. Being alert to fraudulent or suspicious transactions on your credit card
  5. Considering changing your email account passwords. Make sure you use strong passwords that you do not use for other accounts
  6. Enabling multi-factor authentication is a good idea where possible.

You can find further information about online safety, cyber security and helpful tips at

MSF Australia’s full Privacy Policy is available here:, and MSF New Zealand’s Privacy Policy is available here: