In a significant data breach, approximately one million individuals who frequented pubs or RSL clubs have had their driver’s licenses shared online. An article written by news.com.au claims the breach involves OutABox, an Australian-based tech company supplying gaming and hospitality products to several Clubs NSW venues. The breach was allegedly instigated by a team of offshore developers claiming non-payment for work completed over a year ago.

A website, haveibeenoutaboxed.com, has surfaced claiming that the driver’s licenses of over one million individuals, including patrons from Australia, Asia, and the US, have been compromised. The leaked information includes signatures, club membership details, home addresses, birthdays, phone numbers, club visit timestamps, and slot machine usage. However, the majority of identifying information has been redacted thus far.

According to statements on the website, developers were granted access to back-end systems at gaming venues and instructed to back up the data into the cloud. A search function on the website enables individuals to check if their data has been affected.

Expressing deep concern, a ClubsNSW spokesperson highlighted the potential compromise of patron data due to the OutABox breach. While specifics remain limited, it’s understood that member information of club patrons might have been compromised. The affected software was commonly used during the COVID-19 pandemic for patron sign-ins.

Clubs NSW urges patrons to exercise caution when reviewing emails or texts in the following days to avoid potential security threats. They are working with impacted clubs to notify affected patrons and provide support. OutABox has notified relevant authorities and is cooperating with law enforcement in their investigation.

The breach has implicated a list of 16 clubs, including those affiliated with ClubsNSW and the hospitality group Merivale. OutABox has acknowledged the potential breach and is actively investigating the incident.

A website known as haveibeenoutaboxed.com claims that the driver’s licenses of over one million individuals who frequented pubs and clubs across Australia, Asia, and the US have been compromised.

The following venues have been named on the website:

• Breakers Country Club in Wamberal
• Bulahdelah Bowling Club
• Central Coast Leagues Club in Gosford
• Mex. Club in Mayfield
• City of Sydney RSL
• East Cessnock Bowling Club
• Fairfield RSL
• Gwandalan Bowling Club
• Halekulani Bowling Club in Budgewoi
• Ingleburn RSL Club
• Club Old Bar
• Club Terrigal
• West Tradies in Dharruk
• The Diggers Club
• Hornsby RSL Club
• Merivale
• The Tradies Dickson
• Erindale Vikings

An ongoing police investigation is underway, with updates to be provided as they become available.

The breach underscores the vital importance of implementing robust data security measures and secure hosting practices for websites that hold membership/consumer data.

Securing websites demands hours of dedicated attention from security personnel, demanding round-the-clock monitoring. Proper and regular data purging is essential to prevent such security breaches from occurring or mitigate their impact if they do.

Opting for inexpensive hosting packages isn’t always the wisest choice. The common phrase “you get what you pay for” holds true, especially in this context, and should never be dismissed hastily in favour of cheap alternatives.