Clubs data breach appears to expose 1 million Aussies’ data

Posted by
Check your BMI

A data breach appears to have exposed the details of Australians who have visited a range of clubs and RSLs in NSW, including prominent politicians.

Developers subcontracted by the company that provides sign-in systems for the clubs said they had published details of more than a million visitors online, prompting a NSW Police investigation.

2GB Breakfast host Ben Fordham told the station the unfolding breach was “causing a lot of worry in the NSW parliament”.

toonsbymoonlight

He said the apparent leak involved the data scanned when people signed into the clubs, including facial recognition, driver licence details, signatures and addresses.

“There is a company that has allegedly not paid some software developers in the Philippines,” Fordham said.

“Those software developers have now put up their own website, and they’ve essentially said ‘we were given access to all of these systems, our bills haven’t been paid in a year and a half and we’re not happy about it’.”

Fordham warned it was unclear whether searching the website for personal details was safe.

“Politicians have started to put their names in the website,” Fordham said.

“It’s got details crossed out but enough to know ‘they’ve got my details.”

“What they’re essentially doing is saying look, if you don’t pay our bill, well you can only allow your imagination to work out what’s going to happen next.”

West Tradies in Mt Druitt, City of Sydney RSL and Fairfield RSL are among those involved.

The website claiming to expose the data carries a statement from the people behind it alleging they were “cut off” and not paid.

It says it has data including “facial recognition biometric, driver licence scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage”.

The site claims the system provider was hired to “build a suite of software systems” for casinos and clubs in Asia, Australia and the US.

“The developers were given access into back end systems at these gaming venues and were given responsibility to maintain the systems and instructed to backup the data into the cloud,” it says.

“Developers were given access to raw data without any oversight …

“Then [the company] suddenly cut the developers off and refused to pay for a year and a half of work.”

Clubs NSW is understood to have had an emergency meeting.

Fordham said bar giant Merivale was also affected.

NSW Police said officers from the State Crime Command’s Cybercrime Squad were “investigating a potential data breach”.

Clubs NSW, Merivale and the sign-in system provider have been contacted for comment.