NSW clubs’ data breach (update) – Central Coast and Sydney 1,050,169 members affected (safety)
A NSW clubs’ data breach affecting over a million club members may have left them extremely vulnerable to ID theft.
Update 5/5/24: It appears that the breach was due to a commercial dispute between OutaBox (software) and its Philippines programmers – call it holding OutaBox to ransom to settle the dispute. A notice on the ‘Have I been Outaboxed’ (programmers) website shows the following:
But CyberShack can confirm that a number of NSW Club members have received scam emails or SMS purporting to be from Club NSW or the affected clubs asking for confirmation of postal address or other personal data. So, we cannot be sure this notice is not a scam either.
Original Article
The Clubs affected include:
- Breakers Country Club
- Bulahdelah Bowling Club
- Central Coast Leagues Club
- City of Sydney RSL
- Club Old Bar
- Club Terrigal
- The Ettalong Diggers Club
- East Maitland Bowling Club
- East Cessnock Bowling Club
- Erindale Vikings
- Fairfield RSL Club
- Gwandalan Bowling Club
- Halekulani Bowling Club
- Hornsby RSL Club
- Ingleburn RSL Club
- Merivale
- Mex Club Mayfield
- The Tradies Dickson
- West Tradies
What information has been exposed?
At a minimum, it includes first, middle, and last name, address, gender, occupation, date of birth, phone, email, and a digital photo.
We suspect that some clubs may have scanned driver’s licence details with a digital photo and signature.
Some clubs may also have your slot-machine usage.
You can check if your details have been exposed here: https://haveibeenoutaboxed.com/.
What precautions should you take?
If an unknown person or company emails, texts, or calls you, it is likely a scam. Do not click on anything or any link.
Do not respond to any email purporting to be from any of the above clubs or OutaBox (the hacked software company).
If driver’s licences are part of the breach (depending on each club), get a new one fast.
If you believe you have become a victim of cybercrime, please report the incident on the Australian Cyber Security Centre Website at www.cyber.gov.au.
CyberShack’s view – NSW clubs’ data breach – take care
This raises the question that applies to any data breach: why did the club or company require so much data in the first place? It is a strong case for the Digital ID Bill (see “Digital ID Bill passed in Senate – One step closer to ID security”).
We can only suggest that you be more vigilant and ensure that 2-factor authentication is active on all financial sites. If you are more security conscious, it is time to change all those critical passwords to 16 alphanumeric characters and buy a password manager like LastPass Family.