NSW clubs’ data breach (update) – Central Coast and Sydney 1,050,169 members affected (safety)

03/05/2024
By Ray Shaw
In Consumer Advice

A NSW clubs’ data breach affecting over a million club members may have left them extremely vulnerable to ID Theft.

Update 5/5/24: It appears that the breach was due to a commercial dispute between OutaBox (software) and its Phillippines programmers – call it holding OutaBox to ransom to settle the dispute. A notice on the ‘Have I been Outaboxed’ (programmers) website shows the following:

But CyberShack can confirm that a number of NSW Club members have received scam emails or SMS purporting to be from Club NSW or the affected clubs asking for confirmation of postal address or other personal data. So, we cannot be sure this notice is not a scam either.

Original Article

The Clubs affected include:

Breakers Country Club
Bulahdelah Bowling Club
Central Coast Leagues Club
City of Sydney RSL
Club Old Bar
Club Terrigal
The Ettalong Diggers Club
East Maitland Bowling Club
East Cessnock Bowling Club
Erindale Vikings
Fairfield RSL Club
Gwandalan Bowling Club
Halekulani Bowling Club
Hornsby RSL Club
Ingleburn RSL Club
Merivale
Mex Club Mayfield
The Tradies Dickson
West Tradies

What information has been exposed?

At a minimum, it includes First, Middle, and Last name, address, gender, occupation, date of birth, phone, email, and a digital photo.

We suspect that some clubs may have scanned driver’s license details with a digital photo and signature.

Some clubs may also have your slot-machine usage.

You can check if your details have been exposed here: https://haveibeenoutaboxed.com/.

What precautions you should take?

If an unknown person or company emails, SMS, or calls, it is likely a scam. Do not click on anything or any link.

Do not respond to any email purporting to be from any of the above clubs or OutaBox (the hacked software company).

If driver’s licences are part of the breach (depending on each club), get a new one fast.

If you believe you have become a victim of cybercrime, please report the incident on the Australian Cyber Security Centre Website at www.cyber.gov.au.

CyberShack’s view – NSW clubs’ data breach – take care

This raises the issue of any data breach – why did the club or company require so much data in the first place? It is a strong case for Digital ID Bill passed in Senate – One step close to ID security.

We can only suggest that you be more vigilant and ensure that 2-factor authentication is active on all financial sites. If you are more security conscious, it is time to change all those critical passwords to 16 alphanumeric characters and buy a password manager like LastPass Family.

Previous Post Screen Time for Kids – hyper-connection is harming our children

Next Post Is Telstra Blue Tick accurate for rural phone reception? (smartphone)