Tech
Cybersecurity Breach at OutABox Impacts Hundreds of Thousands in NSW and ACT Hospitality Venues
An IT provider called OutABox, utilized by numerous hospitality venues across New South Wales (NSW) and the Australian Capital Territory (ACT), recently reported a data breach that has affected a significant number of residents in these regions.
Reports indicate that over a million records of club and pub patrons were accessed in this incident, which has raised concerns over the leakage of personal data including names and addresses. OutABox, the IT provider at the center of this breach, is a service provider for various establishments, including the popular hospitality giant Merivale, among others.
The breach was discovered when a website claiming to allow individuals to search names within the leaked database emerged. As a response, the NSW Police state crime command’s cybercrime squad, through Strike Force Division, has initiated an investigation to ascertain the origin of the breach and any potential criminal implications involved.
Detective Acting Superintendent Gillian Lister, leading the Cybercrime Squad, has advised individuals to be vigilant about their online security practices and to consider measures like strengthening passwords and enabling two-factor authentication where feasible.
ClubsNSW, an association representing numerous clubs in the state, acknowledged the cybersecurity incident, specifically mentioning its impact on 16 clubs and several pubs. They highlighted that patrons’ personal information might have been compromised, and efforts are underway to notify those affected.
The situation has prompted Gaming Minister David Harris to urge venues potentially affected by the breach to inform their patrons promptly about the security lapse.
OutABox addressed the breach, attributing it to an unauthorized third party gaining access to data from a sign-in system used by their clients. They have notified relevant authorities and are working closely with law enforcement to address the issue quickly.
Given the severity of the breach, there are growing concerns over the security of the data exposed, with the Central Coast Leagues Club expressing apprehension about the compromise of members’ and visitors’ personal information. Merivale, a prominent entertainment and hospitality group, stated that they believe their customer data remains intact and unaffected by the breach at this stage.
Further investigation is ongoing by the NSW Police, including efforts to take down the website hosting the leaked data. Detective Acting Superintendent Gillian Lister emphasized the need for individuals to practice good cyber hygiene and exercise caution while interacting with online communications, especially if they suspect their details might have been compromised.