Data breach: More than one million Aussies who visited ClubsNSW venues at risk of identity theft
More than a million Aussies who visited pubs and clubs have had personal details including their addresses and phone numbers exposed in a major data breach.
The private data may have been shared with an overseas developer by technology company OutABox, a Sydney-based company that designs IT products and solutions for gaming and hospitality venues in NSW.
Prominent politicians are reportedly among the Aussies who have had sensitive information compromised as a result of the crash which has affected dozens of venues under the ClubsNSW banner, prompting a NSW Police investigation.
The list includes many pubs and RSL clubs across the state, including City of Sydney RSL.
Compromised information includes addresses, signatures, dates of birth, phone numbers and driver’s license photos.
City of Sydney RSL is one of dozens of pubs and clubs hit by a major data breach
It is understood that OutABox has contracted an offshore developer to build a range of software systems for licensed premises.
The tech company then gave the developer full access to on-site back-end systems, which contained customer data, The Daily Telegraph reported.
The data is stored on computers and can store large amounts of digitized information.
The developers would have had access to the personal data, from names, phone numbers and addresses to facial recognition displays and driver’s license scans.
The full list of affected locations has been posted on the website haveibeenoutaboxed.com.
“Anyone who has visited any of these locations since 2020 is likely to have had their visit recorded and personal information leaked,” it said.
NSW investigators have launched an investigation into the data breach.
2GB breakfast host Ben Fordham said the situation was “raising a lot of concern in the NSW Parliament”.
OutABox said it was aware of and responded to a cyber incident that may have involved personal information.”
Fairfield RSL is also involved in the data breach
“We have communicated with a group of our customers to inform them and outline our strategy to respond,” a statement said.
“Due to the ongoing police investigation, we are unable to provide any further information at this time.”
OutABox added that it was aware of a “malicious website,” which contained false statements that they say were designed to harm their business.
“We believe this is related and urge people not to repeat false and reputation-damaging disinformation,” the company added
Daily Mail Australia contacted OutABox for further comment.
Clubs NSW held an emergency meeting with the affected venues on Wednesday.
The peak organization is ‘deeply concerned’ about the data breach and is now working with the affected locations and authorities.
‘The clubs involved are working to notify all affected customers. “We can advise that the appropriate authorities have been notified by the third party IT provider and the NSW Government has also been notified,” a spokesperson said.
The latest major data breach has exposed the personal information of more than a million Australians (stock image)
The spokesperson indicated that OutABox is a third-party IT services provider used by dozens of hospitality venues in NSW.
Club and pub goers are advised to take extra care when viewing or opening links in emails or text messages.
Daily Mail Australia has contacted Clubs NSW and NSW Police for further comment.