Over 1 Million ClubsNSW Customers Potentially Impacted by OutABox Data Breach

May 2, 2024

Over one million Australians are at risk of feeling the impacts of a major data breach, under the ClubsNSW banner. The OutABox data breach is said to have released personal details such as addresses, phone numbers, signatures, driver’s license photos and date of births.

Australian-based tech company, OutABox, who was a third-party IT organisation used by ClubsNSW venues, was reportedly working with an overseas developer to create gaming and hospitality products when the data may have been shared mistakenly.

NSW Police have confirmed that an investigation into the OutABox data breach is currently underway by the State Command’s Cybercrime Squad, however no further details have yet been shared.

OutABox Data Breach: OutABox Reaction

Over 1 Million ClubsNSW Customers Potentially Impacted by OutABox Data Breach - Adept IT Solutions | IT Service and Support Newcastle, Hunter and Central Coast

OutABox released a statement, saying it was “aware and responding to a cyber incident potentially involving some personal information”.

“We have been in communication with a group of our clients to inform them and outline our strategy to respond. Due to the ongoing Australian police investigation, we are not able to provide further information at this time,” the IT company said.

“We are aware of a malicious website carrying a number of false statements designed to harm our business and defame our senior staff. We believe this is linked and urge people not to repeat false and reputationally damaging misinformation.”

The website mentioned, according to The Daily Telegraph, is haveibeenoutaboxed.com, which has a search function to allow those who were affected to look up their names. The website currently claims that at least 19 ClubsNSW venues have been caught up in this OutABox data breach, with updates coming regularly:

  1. Breakers Country Club in Wamberal
  2. Bulahdelah Bowling Club
  3. Central Coast Leagues Club in Gosford
  4. Mex Club in Mayfield
  5. City of Sydney RSL
  6. The Diggers Club
  7. East Maitland Bowling Club
  8. East Cessnock Bowling Club
  9. Fairfield RSL
  10. Gwandalan Bowling Club
  11. Halekulani Bowling Club in Budgewoi
  12. Hornsby RSL Club
  13. Ingleburn RSL Club
  14. Merivale
  15. Club Old Bar
  16. Club Terrigal
  17. The Tradies Dickson
  18. Erindale Vikings
  19. West Tradies

An emergency meeting has been held between ClubsNSW and the potentially affected venues, with the state government also being notified of the OutABox data breach.

OutABox DataBreach: Government Reaction

Over 1 Million ClubsNSW Customers Potentially Impacted by OutABox Data Breach - Adept IT Solutions | IT Service and Support Newcastle, Hunter and Central Coast

A spokesperson noted in regards to the OutABox data breach, that there was currently limited information, and it was working with the venues to notify its patrons. It is advised to those who have visited any of the alleged venues impacted by the data breach, to be cautious when opening links in emails and text messages.

Shadow home affairs and cyber security minister James Paterson has come out advocating for transparency from both OutABox, as well as the pubs and clubs around the situation.

“It’s very important the service provider here in Australia is very transparent about what has happened. I’ve seen a statement they put out… which is frankly pretty defensive and didn’t provide much information.”

“While they (pubs and clubs) are required to collect this information by law… it’s not clear to me they need to continue to hold this data beyond a certain period of time.”

“And if it is the case they’ve been storing it longer than they should’ve been then they’ve exacerbated this risk. It’s critical the government get involved.”

The Real Costs of a Data Breach for Businesses

Over 1 Million ClubsNSW Customers Potentially Impacted by OutABox Data Breach - Adept IT Solutions | IT Service and Support Newcastle, Hunter and Central Coast

A data breach for your business is detrimental to a number of different factors, far beyond just immediate financial losses. Reputational damages, as seen already in the immediate aftermath of the OutABox data breach, is one that may take quite some time to recover from. As well as this, actions must be taken to rebuild that trust from valued customers and the public.

What is most likely the next step in relation to the OutABox data breach seen recently, legal and compliance consequences are expected to come. Whilst the breach is an impact in itself, there are a number of rules and regulations that must be followed when handling personal and sensitive data of individuals.

While it may be difficult to fully grasp the lasting effects of a data breach, businesses must recognise the significance of proactive risk management and cybersecurity measures to moderate the long-term consequences and defend their future success.

If you would like to learn more about our services or our cutting-edge cyber security awareness and training platform, click here. Or feel free to contact Adept IT Solutions on 1300 4 23378 (ADEPT) or email us at info@adept-it.com.au.

Check out our other articles