News location:

Canberra Today 12°/14° | Monday, May 20, 2024 | Digital Edition | Crossword & Sudoku

Alleged data-leak blackmailer faces years in jail

The personal information of more than one million people may be compromised in the breach. Photo: NSW Government

By Luke Costin in Sydney

Cybercrime detectives have charged a Sydney man with blackmail after online threats were made to expose one million identity records of Australian club and pub patrons.

The website, uncovered this week, had published the details of people who used their drivers’ licences and other personal details to sign in at 17 venues across the NSW and the ACT.

The ACT clubs were listed as the Tradies at Dickson and the Vikings club at Erindale.

It has prompted calls for better data handling and changes to mandates requiring all 1200 registered clubs in NSW to capture identity data of patrons.

Data about NSW Premier Chris Minns and Deputy Premier Prue Car was reportedly among the information exposed before police flooded the site with requests to prevent further leaks.

Police said the breach was believed to be of a third-party provider.

The website contained allegations of a corporate dispute with software developers and poor data handling practices, including sending data offshore.

But the leak had an integral player on Australian shores in a suburban home in southwestern Sydney, police allege.

Heavily armed police arrived at a Fairfield home on Thursday afternoon before detectives arrested a 46-year-old, dressed in jeans and thongs.

After a night in custody, he was charged with a blackmail offence and released on conditional bail.

If convicted, he faces a maximum of 10 years in prison.

The man is due to face Fairfield Local Court on June 12.

Police are urging patrons to wait until they are advised they have been affected by the breach before changing any details.

But privacy protection expert Philip Bos said the breach illustrates how Australians are often forced to hand over information to organisations that don’t know how to handle confidential data correctly or safely.

Some affected clubs had already severed contracts with the third-party provider, including in one case because it was sending data offshore.

Registered clubs are required by law to document and store the personal details of patrons entering their venues in NSW.

Alliance for Gambling Reform said the breach could have been avoided by a centralised, secure universal cashless gambling card system.

“This breach highlights just how unaccountable clubs are and how haphazard they are with the mountain of private information they routinely collect from the public, without direct consent,” chief executive Carol Bennett said in a statement.

The exposed records include patrons’ individual entries, meaning some of the 1.05 million records will be near-duplicates.

Man arrested after club visitor data exposed in breach

Who can be trusted?

In a world of spin and confusion, there’s never been a more important time to support independent journalism in Canberra.

If you trust our work online and want to enforce the power of independent voices, I invite you to make a small contribution.

Every dollar of support is invested back into our journalism to help keep citynews.com.au strong and free.

Become a supporter

Thank you,

Ian Meikle, editor

Share this

Leave a Reply

Related Posts

Follow us on Instagram @canberracitynews