Following an inquiry into the major breach of ClubsNSW data, a 46-year-old man was taken into custody.
Around 420 p.m. today, investigators raided a Fairfield West residence after a data breach revealed the identities of over a million individuals.
It was anticipated that the man will face blackmail charges after being brought to the Fairfield Police Station.
Police said they “were alerted to a website that had published the personal information of patrons who signed in using their drivers’ licences at specific premises across NSW” earlier this afternoon.
The station was informed this morning by 2GB Breakfast host Ben Fordham that the breach was “causing a lot of worry in the NSW parliament.”
According to him, the information that was scanned when patrons signed into the clubs included addresses, driver’s license information, signatures, and face recognition.
Up to fifteen clubs are reportedly impacted, including Fairfield RSL, City of Sydney RSL, and West Tradies in Mount Druitt.
Prior to this, police declared that they had found “persons of interest” in their breach probe.
Detective Chief Superintendent Grant Taylor stated, “We will look into a variety of offenses, such as the Crimes Act offense of blackmail and the unlawful possession of personal information.”
“A breach of a third party provider in relation to their ability to obtain that information and release it unlawfully,” according to Taylor, is what the police thought the leak was.
The 46-year-old man was taken into custody by cybercrime detectives in Sydney’s west a little more than an hour later.
According to police, taking down the website “as a matter of priority” and containing the data leak are top priorities.
“Within a million people’s names, no doubt there are individuals of some prominence,” Taylor stated in reference to the possibility that prominent politicians from NSW may be exposed in the data hack.
It was suggested that anyone who believes their identify was revealed in the broach should hold off on contacting the authorities in order to get more details.
ClubsNSW expressed its “deep concern” this morning following the discovery of a third-party data breach that may have exposed the personal information of Australians, including well-known politicians, who have frequented a variety of clubs and RSLs in NSW.
“ClubsNSW has been made aware of a cybersecurity incident involving a third-party IT provider commonly used by hospitality venues, including fewer than 20 clubs,” the peak body stated in a statement.
“The clubs concerned are working towards notifying all impacted patrons.”
The persons behind the website that purportedly revealed the data released a statement in which they claimed to have been “cut off” and unpaid.
It claims to have information such as “facial recognition biometric, driver licence scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage” .
According to the website, the system provider was contracted to “build a suite of software systems” for US, Australian, and Asian casinos and nightclubs.
“The developers were given access into back-end systems at these gaming venues and were given responsibility to maintain the systems and instructed to backup the data into the cloud,” according to the report.
Without any control, developers were granted access to raw data. “Then [the company] abruptly cut the developers off and refused to pay for a year and a half of work.”
Merivale has refuted rumors that its venues were compromised in the breach, despite earlier reports to the contrary.
“We are taking this matter seriously and do not believe that our customer data has been compromised in this third-party data breach, based on the information available to us at this time,” a spokesman for Merivale stated.
The IT company, Outabox, stated that it was “aware and responding to a cyber incident potentially involving some personal information” in relation to ClubsNSW.
“We have been in contact with a few of our clients to let them know about the situation and to lay out our plan of action.
We are unable to provide additional information at this time due to the ongoing Australian police investigation,” a business spokeswoman stated.
“We have discovered a rogue website that disseminates several untrue claims in an effort to damage our company and discredit our senior employees.
We think there is a connection, so we ask individuals not to spread erroneous information that could harm their reputation.”
