NSW clubs’ data breach (update) – Central Coast and Sydney 1,050,169 members affected (safety)

A NSW clubs’ data breach affecting over a million club members may have left them extremely vulnerable to ID theft.

Update 5/5/24: It appears that the breach was due to a commercial dispute between OutaBox (software) and its Philippines programmers – call it holding OutaBox to ransom to settle the dispute. A notice on the ‘Have I been Outaboxed’ (programmers) website shows the following:

But CyberShack can confirm that a number of NSW Club members have received scam emails or SMS purporting to be from Club NSW or the affected clubs asking for confirmation of postal address or other personal data. So, we cannot be sure this notice is not a scam either.

Original Article

The Clubs affected include:

  1. Breakers Country Club
  2. Bulahdelah Bowling Club
  3. Central Coast Leagues Club
  4. City of Sydney RSL
  5. Club Old Bar
  6. Club Terrigal
  7. The Ettalong Diggers Club
  8. East Maitland Bowling Club
  9. East Cessnock Bowling Club
  10. Erindale Vikings
  11. Fairfield RSL Club
  12. Gwandalan Bowling Club
  13. Halekulani Bowling Club
  14. Hornsby RSL Club
  15. Ingleburn RSL Club
  16. Merivale
  17. Mex Club Mayfield
  18. The Tradies Dickson
  19. West Tradies

What information has been exposed?

At a minimum, it includes First, Middle, and Last name, address, gender, occupation, date of birth, phone, email, and a digital photo.

We suspect that some clubs may have scanned driver’s licence details with a digital photo and signature.

Some clubs may also have your slot-machine usage.

You can check if your details have been exposed here: https://haveibeenoutaboxed.com/.

What precautions should you take?

If an unknown person or company emails, sends an SMS, or calls, it is likely a scam. Do not click on anything or any link.

Do not respond to any email purporting to be from any of the above clubs or OutaBox (the hacked software company).

If driver’s licences are part of the breach (depending on each club), get a new one fast.

If you believe you have become a victim of cybercrime, please report the incident on the Australian Cyber Security Centre Website at www.cyber.gov.au.

CyberShack’s view – NSW clubs’ data breach – take care

This raises the question that any data breach raises – why did the club or company require so much data in the first place? It is a strong case for the Digital ID Bill passed in the Senate – one step closer to ID security.

We can only suggest that you be more vigilant and ensure that 2-factor authentication is active on all financial sites. If you are more security conscious, it is time to change all those critical passwords to 16 alphanumeric characters and buy a password manager like LastPass Family.