NSW Data Breach May Have Impacted a Million Pub and Club Patrons

New South Wales (NSW) authorities are investigating a significant data breach impacting over 1 million patrons of pubs and clubs in the Australian state. The breach centers on sign-in data, potentially exposing sensitive biometric information collected under NSW regulations.

ClubsNSW, an industry group that represents the interests of over 1,200 registered clubs in New South Wales, has confirmed a cybersecurity incident involving Outabox, a third-party IT provider of sign-in and license scanning technology to numerous venues.

A group claiming to be unpaid offshore developers contracted by Outabox has published a website alleging they possess extensive personal data extracted from the system.

The data purportedly includes facial recognition scans, driver’s license scans, signatures, addresses, dates of birth, and even slot machine usage patterns. The website provides a search function for individuals to check if their information is compromised. These claims remain unverified.

Outabox released a statement acknowledging a “potential breach of data by an unauthorized third party from a sign-in system used by our clients.” The firm emphasized its cooperation with law enforcement, and prioritized establishing the facts surrounding the incident.

However, in the same statement, the company strongly disputed claims made on a website alleging the data theft, labeling them as “a number of false statements designed to harm our business and defame our senior staff.”

This breach raises critical concerns as NSW law mandates licensed clubs to collect and securely store certain personal information from patrons. The investigation will focus on the scope of the breach, the specific types of biometric data exposed, and whether Outabox’s security systems complied with regulatory standards designed to protect sensitive patron information.

Source: ACS InformationAge

—

May 2, 2024 — by Tony Bitzionis