A million Aussies’ personal data may have been exposed in a data breach involving ClubsNSW, according to a bombshell report by The Daily Telegraph on Thursday.
Australian-based tech company OutABox, located in Sydney, may have shared information with an overseas developer in the process of creating hospitality and gaming products, according to the report.
Patrons often need to provide driver’s licence details, signatures, and addresses to sign into ClubsNSW — information which is stored by the company and which is now believed to have been compromised.
Stream Sunrise free on 7plus 
NSW Police are investigating the reported leak, which is said to have affected clubs including City of Sydney RSL, Central Coast Leagues Club in Gosford, Fairfield RSL, and Ingleburn RSL Club, among others.
On Thursday, Sunrise presenter Monique Wright explained a number of high-profile political figures are also believed to be caught-up in the potential bungle.
“Millions of visitors to popular NSW pubs and clubs have been warned their personal information may have been shared in an online data leak,” Wright said.
“It is understood e-addresses, signatures, dates of birth, phone numbers and even driver’s licence photos may have been shared internationally.
“More than a dozen of the state’s venues were affected, and it has left visitors at risk of having their identities stolen.”
ClubsNSW told 7NEWS on Thursday it had been made aware of a cybersecurity incident.
“ClubsNSW has been made aware of a cybersecurity incident involving a third-party IT provider commonly used by hospitality venues, including fewer than 20 clubs,” it said.
“While limited information is currently known, we understand that some personal information of patrons of the clubs that use this IT provider may have been compromised. The clubs concerned are working towards notifying all impacted patrons.
“We can advise that the appropriate authorities have been notified by the third-party IT provider and the NSW government has also been advised.
“ClubsNSW is deeply concerned about the security of the data that is the subject of the breach.
“We have today met with all impacted clubs and are providing whatever support we can, noting again that the incident relates to a third-party provider.
“We wish to assure club members that additional updates will be provided once further details are confirmed. In the interim, club patrons are advised to take extra caution when reviewing emails or texts and to avoid clicking on any suspicious or unfamiliar links.”
OutABox acknowledged a “potential breach” had taken place in a statement on its website.
“Outabox has become aware of a potential breach of data by an unauthorised third party from a sign-in system used by our clients,” it said.
“We are working as a priority to determine the facts around this incident, have notified the relevant authorities and are investigating in co-operation with law enforcement.
“We are restricted by how much information we are able to provide at this stage, given it is currently under active police investigation.
“We will provide further details as soon as we are able to.“We understand this news may cause concern to our staff, clients, and their customers, and we thank them for their support and patience as we work to resolve this as swiftly as possible.”
Stream free on
