More than one million Australian ID records have been exposed in a data breach, affecting those who have visited pubs and NSW Clubs.
Outabox, the IT services provider that operates the systems for pubs and clubs across NSW, ACT and Victoria, has confirmed that it has suffered a data breach.
Outabox has released a statement on its website addressing the data breach, which has impacted ClubsNSW venues across the state, the ACT, and Victoria.
It said it has become aware of a potential breach of data from an unauthorised third party from a sign in system used by its clients.
“We are working as a priority to determine the facts around this incident, have notified the relevant authorities and are investigating in cooperation with law enforcement,” they said.
“We are restricted by how much information we are able to provide at this stage given it is currently under active police investigation. We will provide further details as soon as we are able to. We understand this news may cause concern to our staff, clients and their customers, and we thank them for their support and patience as we work to resolve this as swiftly as possible.”
Per the Sydney Morning Herald, NSW Police have begun a formal investigation into the data breach. As news broke, a website claimed that 1,050,169 records had been exposed in the breach, with visitors able to enter their name and find out if their data had been exposed.
NSW Police confirmed that it was moving to take the website down.
A man has also been arrested in link to the data breach, and is expected to be charged with blackmail.
The National Cyber Security Coordinator is encouraging people to not visit the site with leaked information.
The Australian Government is coordinating the response to a cyber incident affecting a number of Clubs and other licensed venues in NSW and the ACT.
— National Cyber Security Coordinator (@AUCyberSecCoord) May 2, 2024
The incident involves a content management and data storage provider, Outabox, that provides services to the hospitality and… pic.twitter.com/swZIHroX1E
Outabox said in a statement to the Sydney Morning Herald: “We are aware of a malicious website carrying a number of false statements designed to harm our business and defame our senior staff. We believe this is linked and urge people not to repeat false and reputationally damaging misinformation.”
Meanwhile, ID Support NSW has also issued a statement noting that it is aware of the incident and is “concerned” about the impact on individuals.
“[We] encourage clubs and hospitality venues to notify patrons whose information is affected. The NSW Government understands ClubsNSW has engaged with impacted clubs and advised these venues are working towards notifying patrons whose personal information may have been compromised,” they said.
Those whose IDs have been compromised have been encouraged to get in contact with ID Support NSW by phone or via their online form.
If your data has been on the systems of a pub and club supported by Outabox, it may have been exposed.
We’ll update this story as it develops.
Image: iStock