Patrons at risk after clubs peak body discovers major data breach
By Seia Ibanez
The digital age has brought a host of conveniences, but as we've been reminded yet again, it also carries significant risks.
The latest incident to send shockwaves through the community is a major data breach that has left ClubsNSW, the peak body representing clubs and Returned and Services Leagues (RSLs) in New South Wales, ‘deeply concerned’.
This breach has potentially exposed the personal details of over a million Australians, including prominent politicians who have visited various clubs nationwide.
The breach was discovered when developers subcontracted by the company that provides sign-in systems for these clubs claimed they had the option of publishing visitor details online.
This alarming revelation has prompted an investigation by the NSW Police.
ClubsNSW issued a statement this morning, acknowledging the breach and its potential impact on patrons' privacy.
‘ClubsNSW has been made aware of a cybersecurity incident involving a third-party IT provider commonly used by hospitality venues, including fewer than 20 clubs,’ a ClubsNSW spokesperson said in a statement.
‘While limited information is currently known, we understand that some personal information of patrons of the clubs that use this IT provider may have been compromised.’
The affected clubs are now scrambling to notify all impacted patrons, and ClubsNSW has given assurances that the ‘appropriate authorities’ have been notified and that affected clubs are being offered support.
Club patrons were also warned to be cautious of unfamiliar texts or emails, especially those containing website links.
The situation was brought to light by 2GB Breakfast host Ben Fordham, who described the unfolding breach as ‘causing a lot of worry in the NSW parliament’.
‘There is a company that has allegedly not paid some software developers in the Philippines,’ Fordham said.
‘Those software developers have now put up their own website, and they've essentially said, “We were given access to all of these systems, our bills haven't been paid in a year and a half, and we're not happy about it”.’
The website set up by these developers claims to have a vast array of personal data, including ‘facial recognition biometric, driver licence scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage’.
‘The developers were given access into back-end systems at these gaming venues and were given responsibility to maintain the systems and instructed to backup the data into the cloud,’ it said.
‘Developers were given access to raw data without any oversight...Then [the company] suddenly cut the developers off and refused to pay for a year and a half of work.’
West Tradies in Mt Druitt, City of Sydney RSL and Fairfield RSL were among those involved.
It’s understood that ClubsNSW has had an emergency meeting to address the breach, and the bar giant Merivale has also been reported to be affected.
The NSW Police Cybercrime Squad were ‘investigating a potential data breach’.
In a similar story, a popular Woolworths payment feature was temporarily suspended after a security breach.
Everyday Pay users were reportedly targeted personally by scammers, which led to users providing their details to the scammers. You can read more about the story here.
Have you been affected by this or a similar data breach? How do you protect your personal information in the digital age? Share your thoughts and experiences in the comments below.
Key Takeaways
- ClubsNSW has discovered a third-party data breach potentially exposing visitor details, including those of prominent politicians.
- Personal information from attendees at fewer than 20 clubs using the compromised IT provider may be at risk.
- The breach involves a subcontractor who has allegedly not been paid, leading to threats of wider data release.
- NSW Police's Cybercrime Squad is investigating the breach, with ClubsNSW and affected venues responding to the situation.