An unauthorised website claims personal information from more than 1 million customer records from at least 16 licensed NSW clubs has been released online in a potential data breach.
Cybercrime detectives are investigating the reported breach, with the website claiming to have records and personal information of senior government figures, including Premier Chris Minns, Deputy Premier Prue Car and Police Minister Yasmin Catley.
IT provider Outabox said in a statement it had become aware of the potential data breach of a sign-in system used by its clients by an “unauthorised” third party.
“We are working as a priority to establish the facts around this incident, have notified the relevant authorities and are investigating in cooperation with law enforcement,” Outabox said in a statement.
“We are restricted by how much information we are able to provide at this stage given it is currently under active police investigation.”
It is a legal requirement in NSW for licensed clubs to collect personal information from patrons on entry, under the state’s registered clubs legislation.
The information is required to be stored securely under federal privacy laws.
Government agency ID Support NSW confirmed 16 licensed clubs across NSW had been implicated in the data breach:
- Breakers Country Club
- Bulahdelah Bowling Club
- Central Coast Leagues Club
- Mex Club Mayfield
- City of Sydney RSL
- East Cessnock Bowling Club
- Fairfield RSL Club
- Gwandalan Bowling Club
- Halekulani Bowling Club
- Hornsby RSL Club
- Ingleburn RSL Club
- Merivale
- Club Old Bar
- Club Terrigal
- The Tradies Dickson
- Erindale Vikings
Not just members affected
Gaming Minister David Harris said the government and police first became aware of the potential breach on Tuesday.
“We know that this is an alleged data breach of a third-party vendor, so it wasn’t a hack,” he said.
“There was a high-level meeting yesterday and the authorities, cybersecurity and police organisations are currently investigating that and when we get authorisation we can give more information.”
Mr Harris said patrons did not have to be a member of a club to be potentially impacted.
“If you had visited those venues then, potentially, you would be involved in this,” he said.
Cybercrime squad are investigating
ID Support NSW said it would assist customers impacted by the incident.
“We are concerned about the potential impact on individuals and urge clubs and hospitality venues to notify patrons whose information is affected,” it said in a statement.
“ID Support NSW is also available to help those affected reduce their risk of identity theft following this incident.”
NSW Police have confirmed detectives from the state’s cybercrime squad are investigating the potential breach but said no further information was available because the investigation was ongoing.
ClubsNSW said in a statement information on the breach was limited.
“The clubs concerned are working towards notifying all impacted patrons,” the statement said.
“ClubsNSW is deeply concerned about the security of the data that is the subject of the breach. We have today met with all impacted clubs and are providing whatever support we can, noting again that the incident relates to a third-party provider.”
ClubsNSW urged all club members to watch out for scams and avoid clicking on links in suspicious or unknown emails and texts.
© 2020 Australian Broadcasting Corporation. All rights reserved.