NSW police arrest man over big data leak from clubs, pubs

The data that has been leaked includes names and addresses which had been collected by a company known as Outabox, a technology provider used by a number of clubs and pubs, including the big hospitality firm Merivale.

A website called Outaboxed offered those who fear their data has been stolen a chance to check and see whether this is the case. The site claims it has 1,050,169 records which include the data of Premier Chris Minns, Deputy Premier Prue Car and Police Minister Yasmin Catley.

The site provides a list of some of the venues that are affected, and warns that anyone who has visited any of these venues since 2020 is likely to have had their data stolen.

{loadposition sam08}The website is registered as being hosted in Bouvet Island in Antarctica and the DNS details say the owner's details are "REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, KN".

The home page of the website. Police are working to take it down. Screenshot by Sam Varghese

Detectives arrested a 46-year-old man after executing a search warrant in Fairfield West on Thursday.

On its website, ClubsNSW said it had been made aware of a cyber security incident involving a third-party IT provider commonly used by hospitality venues, including 16 clubs.

"While limited information is currently known, we understand that some personal information of patrons of the clubs that use this IT provider may have been compromised. If you are a member club and have any concerns, please call ClubASSIST on 1300 730 001 or at enquiries@clubsnsw.com.au."

Contacted for comment, Brett Callow, a senior ransomware threat researcher with the New Zealand-based security firm Emsisoft, said: "Insiders - and former insiders - can represent a security risk, especially when pissed off.

"Treating employees and contractors well can help mitigate those risks, as can proper internal controls, of course."