Man charged with blackmail over clubs data leak

Man arrested over NSW clubs data leak

Source: NSW Police

A man will face court after being charged with blackmail offences after the personal details of visitors at more than a dozen NSW licensed venues were exposed.

Heavily armed NSW Police raided a Fairfield West address in Sydney’s west on Thursday afternoon and arrested a 46-year-old man.

On Friday morning, police said he had been charged with demand with menaces intend obtain gain/cause loss. He will face court on June 12.

If convicted the man faces a maximum sentence of 10 years’ jail.

It follows police being alerted to a website that had published details of patrons who used their drivers’ licences to sign in at 17 venues across NSW.

On Thursday, Detective Chief Superintendent Grant Taylor said the site was live “a number of days ago” but “only really became known to the public in the last 24 hours to 48 hours”.

“We believe it’s a breach of a third-party provider,” he said.

Data about NSW Premier Chris Minns and Deputy Premier Prue Car was reportedly among the information exposed before police flooded the site with requests to prevent further leaks.

Registered clubs are required by law to document and store the personal details of patrons entering their venues in NSW.

Police allege the third-party IT provider contracted to collect the data had sent it offshore to another contractor.

The records were published online, with allegations contracted software developers in the Philippines had not been paid.

Some affected clubs had already severed contracts with the third-party provider, including in one case because it was sending data offshore.

Police are urging patrons to wait until they are advised they have been affected by the breach before changing any details.

But privacy protection expert Philip Bos said the breach illustrated how Australians were often forced to hand over information to organisations that don’t know how to handle confidential data correctly or safely.

NSW Gaming Minister David Harris said the breach was worrying.

“We’re really concerned about the potential impact on individuals and we will encourage clubs and hospitality venues to notify patrons whose information might be affected,” he said.

The exposed records include visitation data, meaning some of the one million records will be near-duplicates.

Alliance for Gambling Reform said the breach could have been avoided by a centralised, secure universal cashless gambling card system.

“This breach highlights just how unaccountable clubs are and how haphazard they are with the mountain of private information they routinely collect from the public, without direct consent,” chief executive Carol Bennett said.

One club affected by the data breach posted to Facebook that it used the provider from January 2021 to October 2022, but no longer used its services.

Club Old Bar said it had started an investigation and was working with the provider to how much of its data may be involved.

The third-party IT company, Outabox, said it was investigating the potential breach by an “unauthorised third party from a sign-in system” and had alerted authorities.

“We are restricted by how much information we are able to provide at this stage given it is currently under active police investigation,” it said.

Investigators overloaded the site on Thursday to disable further searching of records.

Affected club & pubs

  • Breakers Country Club
  • Bulahdelah Bowling Club
  • Central Coast Leagues Club
  • Mex Club Mayfield
  • City of Sydney RSL
  • East Maitland Bowling Club
  • East Cessnock Bowling Club
  • Fairfield RSL Club
  • Gwandalan Bowling Club
  • Halekulani Bowling Club
  • Hornsby RSL Club
  • Ingleburn RSL Club
  • Club Old Bar
  • Club Terrigal
  • The Tradies Dickson
  • Erindale Vikings
  • Merivale pub

-with AAP

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Copyright © 2024 The New Daily.
All rights reserved.