More than a million Australians who have visited pubs and clubs have had their personal details, including their addresses and phone numbers, exposed in a major data breach.
The information may have been shared with an offshore developer by technology company OutABox, a Sydney-based company that designs IT products and solutions for gaming and hospitality venues across New South Wales.
Prominent politicians are reportedly among the Australians whose confidential information was compromised as a result of the bug that affected dozens of venues under the ClubsNSW brand, prompting a New South Wales police investigation.
The list includes many RSL pubs and clubs across the state, including the City of Sydney RSL.
The compromised information includes addresses, signatures, dates of birth, phone numbers and driver’s license photos.
Sydney City RSL among dozens of pubs and clubs caught in major data breach
It is understood that OutABox hired an offshore developer to build a series of software systems for licensed installations.
The site was created to help those who may have been affected by the data breach verify if they have been affected by searching for their names.
OutAbox reportedly provided developers with full access to the venues’ back-end systems, which house data from customers who have visited the gaming venues.
The data is stored in computers and serves to store large amounts of digitized information.
It is understood that the developers had access to personal data, from names, phones, numbers and addresses to facial recognition screens and driver’s license scans.
The full list of affected locations has been posted on the haveibeenoutaboxed.com website.
OutABox said in a statement that it was aware of the incident that led to the leak of people’s personal data.
“We have been in communication with a group of our customers to inform them and outline our strategy for responding,” they said.
“Due to the ongoing police investigation, we are unable to provide any further information at this time.”
It is understood that New South Wales detectives have launched an investigation into the data breach.
The company said it has been made aware of a “malicious website” containing false claims that it claims was created to harm its business.
Fairfield RSL was also caught up in the data breach
The company did not make clear which website they were referring to.
WhatsNew2Day Australia has contacted OutABox for further comment.
Clubs NSW hosted an emergency meeting with all affected venues on Wednesday.
The organization said in a statement that they are working with venues and authorities to investigate the data breach.
‘The affected clubs are working to notify all affected customers. “We can advise that the third party IT provider has notified the relevant authorities and that the NSW Government has also been informed,” the spokesperson said.
The spokesperson indicated the company is a third-party IT services provider, which is used by dozens of hospitals in the state, and said ClubsNSW is “deeply concerned” about the data breach.
Club and pub patrons have been advised to be aware of any links they receive via text message or email.
WhatsNew2Day Australia has contacted Clubs NSW and NSW Police for further comment.
