Club patrons’ data leaked
More than a million visitors to popular venues at risk of having their identity stolen
More than a million visitors to some of the most popular pubs, clubs and restaurants in NSW may be at risk of having their identity stolen after crucial personal data was shared internationally.
It is understood addresses, signatures, dates of birth, phone numbers and even driver’s licence photographs may have been shared by Australian-based tech company OutABox with an overseas developer, in the process of creating gaming and hospitality products. Several high-profile political figures are among those believed to have had their details compromised.
In a statement, Outabox said it “is aware and responding to a cyber incident potentially involving some personal information’’.
“We have been in communication with a group of our clients to inform them and outline our strategy to respond.
“Due to the ongoing Australian police investigation, we are not able to provide further information at this time.
“We are aware of a malicious website carrying a number of false statements designed to harm our business and defame our senior staff. We believe this is linked and urge people not to repeat false and reputationally damaging misinformation.’’
A website called haveibeenoutaboxed.com has been created, in which a search option allows those affected to look up their names. The data leak surfaced on Wednesday when text messages were sent by OutABox to some individuals who have been impacted.
The Daily Telegraph understands that some of those businesses affected include Merivale venues and a total of 17 pubs and RSL clubs in NSW that fall under the ClubsNSW banner. An emergency meeting was held between ClubsNSW and those venues on Wednesday, while the NSW Government was also made aware of the data breach.
“ClubsNSW has been made aware of a cybersecurity incident involving a third-party IT provider commonly used by hospitality venues, including fewer than 20 clubs,” a spokesperson said .
“While limited information is currently known, we understand that some personal information of patrons of the clubs that use this IT provider may have been compromised.
“The clubs concerned are working towards notifying all impacted patrons. We can advise that the appropriate authorities have been notified by the third-party IT provider and the NSW Government has also been advised. ClubsNSW is deeply concerned about the security of the data that is the subject of the breach. We have today met with all impacted clubs and are providing whatever support we can. We wish to assure club members that additional updates will be provided once further details are confirmed. “In the interim, club patrons are advised to take extra caution when reviewing emails or texts (or opening links).’’