Australian-based tech company OutABox supplies gaming and hospitality products used by Clubs NSW have been involved in a data breach after a team of offshore developers claim they have not been paid for work they completed over a year ago.

A website called haveibeenoutaboxed.com claims the drivers licences of more than one million people who visited pubs and clubs across Australia, Asia and the US have been compromised.

It includes signatures, club membership data, home address, birthday, phone number, club visit timestamps, slot machine usage, however at this stage most of the identifying information has been redacted.

A statement on the website claims developers were given access into back-end systems at gaming venues and instructed to backup the data into the cloud.

A search bar on the website allows people to search their name to determine if their data has been compromised.

A ClubsNSW spokesperson said they are “deeply concerned” about the security of patron data that may have been compromised in the OutABox breach.

“While limited information is currently known, we understand that some personal information of patrons of the clubs that use this IT provider may have been compromised,” the spokesperson said.

It is understood the software that was impacted was commonly used during the Covid-19 pandemic to sign-in patrons.

Clubs NSW are urging club patrons to take extra caution in the coming days when reviewing emails or texts to avoid being targeted by security threats.

“In the interim, club patrons are advised to take extra caution when reviewing emails or texts and to avoid clicking on any suspicious or unfamiliar links,” the spokesperson said.

“The clubs concerned are working towards notifying all impacted patrons.

“ClubsNSW have met with all impacted clubs and are providing whatever support we can, noting again that the incident relates to a third-party provider.”

OutABox have contacted the appropriate authorities and the NSW government has also been advised.

A list of 16 clubs that fall under the ClubsNSW banner have been named on the website. Hospitality group Merivale has also been named.

The following venues have been named on the website:

• Breakers Country Club in Wamberal
• Bulahdelah Bowling Club
• Central Coast Leagues Club in Gosford
• Mex. Club in Mayfield
• City of Sydney RSL
• East Cessnock Bowling Club
• Fairfield RSL
• Gwandalan Bowling Club
• Halekulani Bowling Club in Budgewoi
• Ingleburn RSL Club
• Club Old Bar
• Club Terrigal
• West Tradies in Dharruk
• The Diggers Club
• East Maitland Bowling Club
• Hornsby RSL Club
• Merivale
• The Tradies Dickson
• Erindale Vikings

OutABox said they have become aware of a “potential breach of data” and have notified the relevant authorities.

“Outabox has become aware of a potential breach of data by an unauthorised third party from a sign-in system used by our clients,” the company said in a statement on their website.

“We are working as a priority to determine the facts around this incident, have notified the relevant authorities and are investigating in co-operation with law enforcement.”

They said an active police investigation is underway and more details will provided as they become available.

“We understand this news may cause concern to our staff, clients and their customers, and we thank them for their support and patience as we work to resolve this as swiftly as possible,” the statement said.

2GB radio host Ben Fordham said the breach was “causing a lot of worry in the NSW parliament” with some politicians reportedly caught up in the breach.

“Politicians have started to put their names in the website,” Fordham said on Wednesday.

“It’s got details crossed out but enough to know ‘they’ve got my details.”

It is understood Clubs NSW called an emergency meeting on Wednesday night.

They have been contacted for comment.

More related stories

Nation

Activists threaten court action over Harbour Bridge march

Activists demanding access to Sydney Harbour Bridge face a standoff with authorities as police union warns the planned protest would require its closure.

Read more

Nation

Crisafulli defends new crime stats amid claims of data ‘cherrypicking’

Queensland’s new crime data shows victim numbers dropping, but the opposition says tens of thousands of theft victims have been deliberately excluded from the count.

Read more