Call for clubs to not hold our data as man charged after OutABox cybersecurity breach
A contractor from Sydney’s west has been charged with blackmail after threats that the personal data of millions of Australians, collected from clubs and pubs, would be leaked online.
The government is being urged to crack down on NSW pubs and clubs collecting more personal data than they are legally required to after a cybersecurity breach which sparked a major police investigation.
The addresses, signatures, dates of birth, phone numbers and even driver’s licence photographs of more than one million people collected by pubs and clubs are believed to have been shared by Australian-based tech company OutABox – who create gaming and hospitality products including for 17 pubs and clubs across the state – with a third-party contractor, who then allegedly threatened to leak them online.
NSW Police arrested that alleged contractor – a 46-year-old man from Fairfield West – on Thursday night and took him to Fairfield Police Station.
Cybercrime Squad detectives charged him with blackmail and he was granted conditional bail to appear back in court in June.
But the data breach has raised concerns about venues going beyond the requirements of the Registered Clubs Act, which demands only the full name and address of each full member be kept, not one-off visitors.
Liberal MP and Hornsby RSL Club regular Matt Kean was one of those caught up in the data leak and called on the state government to look at what is necessary to visit pubs and clubs.
“Why in 2024 is it still necessary to hand over all my personal information to just go and get a beer?” Mr Kean said.
“Where is the government? They need to ensure that when people go down to get a schnitzel they are not handing their personal information to scammers in the Philippines.
“If I am required to hand over my personal information then why are clubs not required to safeguard it appropriately?
“You can go get a passport with my name in that data, you can get a credit card. The ones I’m most worried about are our senior citizens, they’re particularly vulnerable in this situation and the government, as well as our pubs and clubs, should be supporting them.”
NSW Police became aware of the data breach late on Wednesday night, after OutABox notified the federal government’s cybersecurity hotline, and launched their investigation. OutABox is not accused of any wrongdoing and police said the company was co-operating fully.
Detectives moved quickly and formed Strike Force Division which on Thursday afternoon carried out a search warrant after tracing the haveibeenoutaboxed.com website – where the threats about data leaking were made – back to a home in Fairfield West.
The Daily Telegraph understands the man who was charged had previously been contracted by OutABox.
Cybercrime Squad boss Gillian Lister said the breach was a reminder for people to check their personal cyber security.
“Now is the optimal time to make sure your cyber hygiene is good; you have strong passwords and are using two-factor authentication where possible,” Detective Acting Superintendent Lister said.
“If you think your details may have been compromised, use extra caution when reviewing emails or texts and never click on a suspicious or unfamiliar link.
“Always make sure to report incidents of cybercrime through the Australian Cyber Security Centre or Scamwatch.”
Cybersecurity expert and CEO of Scantek Solutions, Ches Rafferty, said if signatures, addresses, phone numbers and licence photos did end up in the wrong hands, there was no telling how much damage could be done.
“If you’ve got all of that data, effectively many businesses will allow people to set up accounts for credit cards or loans,” Mr Rafferty said.
“It can be used to trick existing companies (you associate with) like banks that you've got all the right information (to steal your identity).”
Mr Rafferty said there were several important things to do for anyone whose information had been leaked.
“The first thing is to be really aware of any potential unusual behaviour, if unusual people are contacting you, be very suspicious of that,” Mr Rafferty said.
“If you have any bank or telco companies reaching out to you, I’d hang up and call back their main line which you can find on Google and make sure they’re legitimate.
“If you are 100 per cent sure that you have been breached, I would recommend reporting your physical ID and driver's licence as stolen, and getting a new one issued.”