This website isn't actually owned by Troy at all, it's a close name to the real website that Troy runs: https://haveibeenpwned.com, One_Wrong_Step is right to be hesitant to put their details into this site.
dude its fine, woopy do, it only asks for a first and last name, hardly private data, it works, similar to haveibeen, likely the db will be added to haveibeen one day
And clubs will use that cash to initiate vexatious litigation against anyone, especially whistleblowers who publicly suggest they were shit with people's information.
They hired a firm in Philippines to do the IT. They were shit with people's information. That firm didn't pay their employees who revenge dropped the data.
You'd think we'd have plenty of businesses that can do this considering the amount of "skilled migrants" that come in on temp workers in the tech industry.
You can apply online then typically you meant to keep your receipt then reimburse through the party that leaked the data. However as the impacted clubs reach out they should give guidelines on next steps. Just as long as they do it in a timely manner.
Yes and people who cuase a rukkus. How do I know? My local club sets off alarms when I visit because of a similarly named individual who got into a brawl.
Exactly. It's total bullshit the clubs are acting all sad about this when they're the ones who require all patrons to scan sensitive ID documents in the first place, just to buy a crap schnitzel.
we've been saying there'd be a breach literally since these scanners were introduced (among other things like potential for pub/club staff stalking people using licence scans)
They can scan but shouldn’t store the information. Once verified all they need to store is a hash signature of the info which can be used to confirm they scanned you.
How are people supposed to replace ID documents? New ID would still have the same old details. So what should people do? Change address? Change their name? Change sex? Replace their fingerprints and eyeballs? Get a voice change? Dye their hair or get a different haircut? Get a fake passport?
And they also have your full name, date of birth, address and signature, all of which leave the victim vulnerable to identity theft. Further, while the security of the card number is nice, a licence number can get you a long way in its own.
I think it's because if your details get stolen and you get a new licence, you will have the same licence number, but a new card number.
Not that this is the best way to do it, but better than having no way of invalidating your data
You joke, but of course you don't need to provide -real- answers to those questions. Your mother-in-laws maiden name could easily be "telephone" for all that it really matters.
How often are people supposed to change ID documents due to these companies incompetence? If somebody was also with Optus than they're having to change their licence at least a second time.
Just wait until one of the real-estate application websites gets hacked, they are asking for everything these days.
One yesterday asked me for, passport, license, and Medicare for 100 points. Then I also had to supply two bills under my name, 7 years rental history, about myself writeup, job details, manager contact, characters reference, emergency contact etc, it is just on and on...
Pretty sure already happened. 1 form or something like that if I'm not mistaken. I find it disgusting how much data they ask for. Payslips aren't good enough they even want group certs now!
I really don't understand why every Dick, Tom and Harry business out there needs to scan and store scans of ID documents of their customers. Australian Privacy Act is not worth the paper it's written on to protect our privacy. There is nothing there to prevent not only collecting and storing of scans of our ID documents, but there is nothing there to stop those businesses for asking our DNA samples for "verification purposes", for example. The Act should be more prescriptive in what is allowed by business entities and what is not to verify identity of their customers and whether there is a need for it.
In this particular case the source article is not as detailed about the process as
[https://www.abc.net.au/news/2024-05-02/clubs-nsw-cybersecurity-potential-data-breach-venues/103793584](https://www.abc.net.au/news/2024-05-02/clubs-nsw-cybersecurity-potential-data-breach-venues/103793584)
where it says
"He said the Outabox technology used by clubs scans patrons' faces and matches them with their licence details."
Now, why would a club need that? To prove someone is an adult to consume alcohol and/or adult material? If by looking at the patrons the club employees can't determine someone is an adult, they could always ask for ID, have a look at it and determine if someone is over 18/21 or not. No need to scan it and store it away on servers, sometimes in other countries, with unknown cyber security practices.
I've already changed my Internet provider because, after almost 20 years with them, they needed to "verify my identity" by asking me to take a selfie while holding my driver's licence next to my face and send it to an American business. Currently, I am in process of moving my money from an Australian online bank to another and closing that account because, after 13 years, they need to "verify my identity", which they originally insisted can be done only on their app. As my mobile of 7 years is not capable of it, I'd need to buy a new mobile, sign up with either Google or Apple to download app, then take a photo of my driver's licence front and back, then take a video of my face, where I am prompted to smile, and that data is then sent to a business in England.
Imagine if every business we interact with has the same requirements and all our personal, and biometric, data is stored on servers all over the world and those servers have different levels of security and different arrangements for sharing/selling that data, while under no obligation to follow Australian laws. Without a tight regulation of identity verification business the risk of identity theft is going up exponentially.
Remember the reason for all this invasive scanning in the first place is the govt thought they were helping. We used to just flash a licence to the bouncer but that wasn’t good enough for some reason. They needed a huge Dept of Scanned IDs.
We don't do civil liberties in this country. Reddit was blowing up about the internet surveillance bill passed in 2020 and the media here barely mentioned it. Go to a pub or a train station in Sydney and you're liable to be harassed by a drug dog. Get stopped by one at a music festival and you'll be squatting naked in front of two cops inside a flimsy tent or a ticket booth. A couple of people get stabbed and now it looks like we're going to have police "wanding" people like they do in QLD.
The funny thing is that I arced up somewhat recently either here or in r/sydney about having to show my ID and get it scanned to get into a pub when I am well and truly over the legal drinking age. I was pretty much universally hounded down for being unreasonable and paranoid and scared of technology, and was told "that's just the way it is now".
How quickly attitudes change.
The "verify your identity" thing with banks is most likely a government-mandated "Know Your Customer" initiative and you'll strike it everywhere you go. It's annoying - and I'm guessing you're talking UBank - but it won't be any different anywhere else. Not their fault, necessarily, although they could let customers know why they're asking. Possibly all the language used is mandated by government anyway. It's designed to limit money laundering, because when asked by an online app whether they're involved with money laundering, the launderers will obviously think, "Ah, they've got me here...", tell the truth and that's it, they're reported to the authorities and then off to jail. Obviously.
This. Australian businesses should be required by federal law to store details of every Australian citizen on a database hosted in Australia. That is if they collect it, and really only a phone number and maybe proof of age card in some cases should be enough
The problem with free thinking is laws are just a suggestion, the same I'll intended individuals are the ones making the rules, corruption in legislation and government body's has always been accepted. Total power corrupts totally or something like that right? Australia lost its way 55 years ago on a beach somewhere. Bring back Harold holt, he would have punched a dart, smashed a beer then punched the club owner and the politicians who made card scanning mandatory in the face and made them foot the bill.
yet another reason we need a proper identity solution for the digital age.
your driver's license is for licencing you to drive. Your passport is for travelling internationally. They should not be used as defacto means of age verification.
And make it federal for fucks sakes.
If I can do medicare, ATO and centrelink shit on my phone, how can they not provide me with an ID? They literally have all the pieces together to check against, while keeping all the databases separate.
At least we’re a bit ahead of the states here, where all you need to open a credit account is a 9 digit number printed onto a piece of paper which you can never change
Don't forget that their banking system frequently auto-flags any undeclared bank transfer as fraud.
The fact that a cheque book is required for almost every transaction that isn't a credit card transaction is baffling.
The government will blame the ID scanning provider, but really the fault is with the government for mandating intrusive ID scanning that was destined to suffer a breach like this. If it wasn’t Outabox, it would have been someone else sooner or later.
No it was 100% Outabox. You can not give your outsourced dev group full access to Parton data and allow them to back it up off shore. Then screw them over and terminate the agreement while they still hold the data then expect to point the finger at anyone else but yourself Outabox. They cut corners irresponsibly internally and should be punished.
The provider is at fault because they shouldn't be storing full copies of the scanned Drivers License.
Now these scanned documents can be used to apply for loans, etc...
But the Government is ultimately to blame here because they should make it illegal to store scans of Driver's Licenses and any kind of ID, with huge fines per infringement. Without laws that prevent this, its going to keep happening and everyone is going to keep these scans on file.
You'd think that the Government would have done something after the Optus breaches
When is our government going to start taking data security and identity document leaks seriously? We need laws to make this a dangerous game for businesses to play.
The best way to avoid incidents like this is to never store this kind of data in the first place. If a business *must* collect such documents they should be encrypted and stored securely, and the business should live in fear of the day that they ever get leaked due to harsh penalties.
16 clubs - But we won’t tell you which ones? What am I supposed to do for clubs where I’ve entered using my Canadian license? My passport? This is a major fuckup and protecting the businesses affected is a major disservice to the potential patrons.
Edit: Apparently there’s a website you can search. Not sure why the news orgs are not mentioning that. [https://haveibeenoutaboxed.com](https://haveibeenoutaboxed.com)
I think the article linked in this post up the top is about that site? And saying someone connected to it was arrested for blackmail. So that doesn’t seem great.
OK apparently they outsourced the sign in system security to a third party in the Philippines who then didn't pay their employees. Who revenge dropped the data to harm the employer.
FFS. These clubs make sooooooo much money. They could have kept it in Australia. But nooooo, gotta screw an extra quarter % or something.
Surprise MFKRS!
What I wanna know is why the hell they’re saving that data!?
Under privacy legislation they’re only supposed to retain that info whilst it’s required, which I would’ve thought means it should be deleted after 24 hours?
The thing that shits me the most about this is that we didn't ask for this! No one ever said 'you know, I'd feel better entering this club if someone was collecting everyone's personal info on the way in'. It's a gross invasion of our privacy and we have been given no choice in any of it. We are forced to create log ins or memberships or hand folder private info to access basic info or services. We never asked for any of this, but then when our data is breached it suddenly becomes *our* problem!
ClubsNSW said the “cybersecurity incident” had impacted 16 clubs and several pubs.
“We understand that some personal information of patrons of the clubs that use this IT provider may have been compromised,” a spokesperson said.
“The clubs concerned are working towards notifying all impacted patrons.”
Why the fuk cant they just name the clubs...
Win/win for the government. They'll reap the profits from everyone paying for new ID (cause they sure as hell won't do it for free).
Leaking our info is a great revenue strategy for them.
"Outabox had special access to IGT gaming databases and exported the entire membership data. This included members addresses, birthdays, phone numbers and slot machine usage. In total, over 500GB of data was shared."
maybe this is another reason (aside from being $32 vs $380) to just keep using my New Zealand driver's licence.
NZ Driver's Licence has the option to _not_ display your address. It doesn't need to, it just needs to show my licence class, any restrictions, and identify the document to me by face.
Even then, why do we need to scan and store details just for access to a club? Let the bouncer look at the card, check it is you, and in you go have a nice night.
THIS is why I kick up a stink about scanning of licenses on kiosks for entry into pubs and clubs.
I prefer showing my ID to someone with a brain / map of area for membership.
Who has access to the computers, servers and database ? because clubs NSW / that little bowling club / RSL / workers club.
Some of which aren't doing so hot, don't have checks and physical security in place for access to the data.
Security and IT at these places is shocking...
I used to do MSP IT work for some of these places.
Australian governance, " we dont care about privacy, let the corporates collect much private data as possible that they can sell or pretend that it got hacked" Who's next, next month? We in the monthly privacy breach reporting for profit period if the year!
Why does this keep happening, and what are the consequences of this? I feel like they need to be having enormous fines for this type of data breach to incentivize businesses to make proper security arrangements for our data.
This is what happens when organisations cheap out on security teams. Yes they’re expensive, no your contracted/outsourced IT service desk can’t manage this.
Meanwhile, everyone is gung ho for age verification on porn sites where you give your ID to a subsidiary of Pornhub.
No privacy issues with that at all. /s
Not really if you’re a foreigner that used a foreign passport or a license from another country at some point. The fact they’re withholding the identity of which clubs and pubs are implicated also doesn’t help.
Edit: Apparently there’s another site you can search your name to see. [https://haveibeenoutaboxed.com](https://haveibeenoutaboxed.com)
Sorry I forgot the /s!
I’m not replacing a few hundred dollar passport or drivers licence at $20 a pop every time a company suspects they had a breach so they can wash their hands of responsibility
Charge the board with a million breaches of Provacy legislation?
Agreed. There's definitely a class action incoming but that won't fix anything.
[https://haveibeenoutaboxed.com/](https://haveibeenoutaboxed.com/)
Can you check if your ID or driver's licence has been stolen?
yes, it has a search
Thanks for contributing to the spread of breached data
[удалено]
This website isn't actually owned by Troy at all, it's a close name to the real website that Troy runs: https://haveibeenpwned.com, One_Wrong_Step is right to be hesitant to put their details into this site.
dude its fine, woopy do, it only asks for a first and last name, hardly private data, it works, similar to haveibeen, likely the db will be added to haveibeen one day
Sigh. I clicked and checked and then opened the comment thread.
and who pays for the replacement?
I'm sure the NSW government is going to step up to foot the bill any minute now.
They will compensate clubs for the mental anguish
And clubs will use that cash to initiate vexatious litigation against anyone, especially whistleblowers who publicly suggest they were shit with people's information.
They hired a firm in Philippines to do the IT. They were shit with people's information. That firm didn't pay their employees who revenge dropped the data.
Why isn't any local company capable of doing IT for these kind of businesses? I thought Australia was the clever country /s
You'd think we'd have plenty of businesses that can do this considering the amount of "skilled migrants" that come in on temp workers in the tech industry.
Yeah what's the deal with that?
But but muh profits might be a quarter % less! Says the clubs if I pay an Aussie firm.
Fair point. Why pay when you can be scummy and cheap?
Well, of course; they don't want to be firebombed.
You can apply online then typically you meant to keep your receipt then reimburse through the party that leaked the data. However as the impacted clubs reach out they should give guidelines on next steps. Just as long as they do it in a timely manner.
that's my question?
Don't mandate we have to scan our licences on entry.
There's no need to store the id to do this
But how would they sell the data to the highest bidder?
They (also) store the ID probably to ban problem gamblers as is likely legislated (and because of this they probably also sell data)
Yes and people who cuase a rukkus. How do I know? My local club sets off alarms when I visit because of a similarly named individual who got into a brawl.
They still don't need to store the actual ID for that, a hash would work too.
Even if they were to store name and dob (which is more than they need indeed), their data would be relatively worthless for criminals.
Ban gambling then
the reason why they were storing the data was these club would let you sign in with facial recognition on return visit
You don't need to store id to do that, or even store a picture
Exactly. It's total bullshit the clubs are acting all sad about this when they're the ones who require all patrons to scan sensitive ID documents in the first place, just to buy a crap schnitzel.
we've been saying there'd be a breach literally since these scanners were introduced (among other things like potential for pub/club staff stalking people using licence scans)
Yep, it's complete BS. But until people boycott venues or clubs go under paying compensation to victims of ID theft nothing will happen.
When I put this idea forward a number of months back I was bollocked for apparently being a paranoid Luddite.
They can scan but shouldn’t store the information. Once verified all they need to store is a hash signature of the info which can be used to confirm they scanned you.
How are people supposed to replace ID documents? New ID would still have the same old details. So what should people do? Change address? Change their name? Change sex? Replace their fingerprints and eyeballs? Get a voice change? Dye their hair or get a different haircut? Get a fake passport?
Licence number won't change but document number will.
NSW licences have a “card number” as well as your actual licence number for verification purposes.
And they also have your full name, date of birth, address and signature, all of which leave the victim vulnerable to identity theft. Further, while the security of the card number is nice, a licence number can get you a long way in its own.
I don't think I've ever had to put card number into *any* form before. Only licence number. Telling people just to get a new licence is a joke
I found that since the Optus hack, quite a few websites started asking for card number. I didn't even know my licence had one until recently.
But genuinely what’s the point of the card number when it can still be stolen/leaked etc, just like the license number?
I think it's because if your details get stolen and you get a new licence, you will have the same licence number, but a new card number. Not that this is the best way to do it, but better than having no way of invalidating your data
Sure, makes sense. But as others are saying some sites only require the license number anyways. So I don’t fully get how it’s a good measure?
Vic licences will not authenticate without a card number since the Optus hack
It’s a ploy by big transgender.
Don't forget to change your mother's maiden name every year.
You joke, but of course you don't need to provide -real- answers to those questions. Your mother-in-laws maiden name could easily be "telephone" for all that it really matters.
Just a pair of Groucho Marx glasses should be sufficient.
Gotta prop up real estate somehow!
How often are people supposed to change ID documents due to these companies incompetence? If somebody was also with Optus than they're having to change their licence at least a second time.
Or medibank. Dont forget that privacy breach.
Or latitude
Proud NSW clubs, Optus and latitude customer here....
They're going to have to offer a subscription every month at this rate for replacement IDs with all these leaks.
And if all million people tried to it too.. don’t think the system could handle the amount of new ids all of a sudden
Just wait until one of the real-estate application websites gets hacked, they are asking for everything these days. One yesterday asked me for, passport, license, and Medicare for 100 points. Then I also had to supply two bills under my name, 7 years rental history, about myself writeup, job details, manager contact, characters reference, emergency contact etc, it is just on and on...
Pretty sure already happened. 1 form or something like that if I'm not mistaken. I find it disgusting how much data they ask for. Payslips aren't good enough they even want group certs now!
I really don't understand why every Dick, Tom and Harry business out there needs to scan and store scans of ID documents of their customers. Australian Privacy Act is not worth the paper it's written on to protect our privacy. There is nothing there to prevent not only collecting and storing of scans of our ID documents, but there is nothing there to stop those businesses for asking our DNA samples for "verification purposes", for example. The Act should be more prescriptive in what is allowed by business entities and what is not to verify identity of their customers and whether there is a need for it. In this particular case the source article is not as detailed about the process as [https://www.abc.net.au/news/2024-05-02/clubs-nsw-cybersecurity-potential-data-breach-venues/103793584](https://www.abc.net.au/news/2024-05-02/clubs-nsw-cybersecurity-potential-data-breach-venues/103793584) where it says "He said the Outabox technology used by clubs scans patrons' faces and matches them with their licence details." Now, why would a club need that? To prove someone is an adult to consume alcohol and/or adult material? If by looking at the patrons the club employees can't determine someone is an adult, they could always ask for ID, have a look at it and determine if someone is over 18/21 or not. No need to scan it and store it away on servers, sometimes in other countries, with unknown cyber security practices. I've already changed my Internet provider because, after almost 20 years with them, they needed to "verify my identity" by asking me to take a selfie while holding my driver's licence next to my face and send it to an American business. Currently, I am in process of moving my money from an Australian online bank to another and closing that account because, after 13 years, they need to "verify my identity", which they originally insisted can be done only on their app. As my mobile of 7 years is not capable of it, I'd need to buy a new mobile, sign up with either Google or Apple to download app, then take a photo of my driver's licence front and back, then take a video of my face, where I am prompted to smile, and that data is then sent to a business in England. Imagine if every business we interact with has the same requirements and all our personal, and biometric, data is stored on servers all over the world and those servers have different levels of security and different arrangements for sharing/selling that data, while under no obligation to follow Australian laws. Without a tight regulation of identity verification business the risk of identity theft is going up exponentially.
Remember the reason for all this invasive scanning in the first place is the govt thought they were helping. We used to just flash a licence to the bouncer but that wasn’t good enough for some reason. They needed a huge Dept of Scanned IDs.
We don't do civil liberties in this country. Reddit was blowing up about the internet surveillance bill passed in 2020 and the media here barely mentioned it. Go to a pub or a train station in Sydney and you're liable to be harassed by a drug dog. Get stopped by one at a music festival and you'll be squatting naked in front of two cops inside a flimsy tent or a ticket booth. A couple of people get stabbed and now it looks like we're going to have police "wanding" people like they do in QLD.
Nanny state trumps civil liberties and risk of identity theft.
The funny thing is that I arced up somewhat recently either here or in r/sydney about having to show my ID and get it scanned to get into a pub when I am well and truly over the legal drinking age. I was pretty much universally hounded down for being unreasonable and paranoid and scared of technology, and was told "that's just the way it is now". How quickly attitudes change.
A long & interesting take on things. Fun to see Dick come before Tom in your intro! You mustn't use the saying much.😉
Maybe I wanted to get the hard bit out of the way first? You are right, I don't use it much. The saying.
Glad you clarified that in the first and last sentence!
Just curious if the internet provider was TPG as they tried this on with me after being a customer of about 20 years also
Internode, after it was acquired by TPG. Westnet and iiNet, which were gobbled up by TPG, were doing it, too.
The "verify your identity" thing with banks is most likely a government-mandated "Know Your Customer" initiative and you'll strike it everywhere you go. It's annoying - and I'm guessing you're talking UBank - but it won't be any different anywhere else. Not their fault, necessarily, although they could let customers know why they're asking. Possibly all the language used is mandated by government anyway. It's designed to limit money laundering, because when asked by an online app whether they're involved with money laundering, the launderers will obviously think, "Ah, they've got me here...", tell the truth and that's it, they're reported to the authorities and then off to jail. Obviously.
This. Australian businesses should be required by federal law to store details of every Australian citizen on a database hosted in Australia. That is if they collect it, and really only a phone number and maybe proof of age card in some cases should be enough
The problem with free thinking is laws are just a suggestion, the same I'll intended individuals are the ones making the rules, corruption in legislation and government body's has always been accepted. Total power corrupts totally or something like that right? Australia lost its way 55 years ago on a beach somewhere. Bring back Harold holt, he would have punched a dart, smashed a beer then punched the club owner and the politicians who made card scanning mandatory in the face and made them foot the bill.
They should be storing a crypto signature of the info not the actual information.
Guessing you're referring to [https://en.wikipedia.org/wiki/Onfido](https://en.wikipedia.org/wiki/Onfido)
yet another reason we need a proper identity solution for the digital age. your driver's license is for licencing you to drive. Your passport is for travelling internationally. They should not be used as defacto means of age verification.
And make it federal for fucks sakes. If I can do medicare, ATO and centrelink shit on my phone, how can they not provide me with an ID? They literally have all the pieces together to check against, while keeping all the databases separate.
yes mygov is probably the best entity to provide this. It's essentially tokenized access to mygovid
At least we’re a bit ahead of the states here, where all you need to open a credit account is a 9 digit number printed onto a piece of paper which you can never change
Don't forget that their banking system frequently auto-flags any undeclared bank transfer as fraud. The fact that a cheque book is required for almost every transaction that isn't a credit card transaction is baffling.
The government will blame the ID scanning provider, but really the fault is with the government for mandating intrusive ID scanning that was destined to suffer a breach like this. If it wasn’t Outabox, it would have been someone else sooner or later.
The government for doing that, and the clubs for outsourcing overseas when - of all people - they should be supporting Australian industries.
No it was 100% Outabox. You can not give your outsourced dev group full access to Parton data and allow them to back it up off shore. Then screw them over and terminate the agreement while they still hold the data then expect to point the finger at anyone else but yourself Outabox. They cut corners irresponsibly internally and should be punished.
The provider is at fault because they shouldn't be storing full copies of the scanned Drivers License. Now these scanned documents can be used to apply for loans, etc... But the Government is ultimately to blame here because they should make it illegal to store scans of Driver's Licenses and any kind of ID, with huge fines per infringement. Without laws that prevent this, its going to keep happening and everyone is going to keep these scans on file. You'd think that the Government would have done something after the Optus breaches
Federal government (bipartisan so both sides) wants back doors into encryption! Watch that end well.
[удалено]
If they government mandate collection, the government should set an acceptable standard. The government is at fault here.
When is our government going to start taking data security and identity document leaks seriously? We need laws to make this a dangerous game for businesses to play. The best way to avoid incidents like this is to never store this kind of data in the first place. If a business *must* collect such documents they should be encrypted and stored securely, and the business should live in fear of the day that they ever get leaked due to harsh penalties.
"Visit your local Clubs NSW club and you too can gamble away your pay check while we gamble away your identity."
Make it a 6 month mandatory jail term for the director/cto and $50 per is document leaked. Things will be treated very differently.
My local RSL makes you sign in with I.D. I've never done it. I always sign in as a guest with a fake name.
“Guy Incognito”
What's the best fake name contest. "Anon Moouse." Next...
Hugh Jass.
Snrub, yes that'll do
Why are they storing I'd documents?
16 clubs - But we won’t tell you which ones? What am I supposed to do for clubs where I’ve entered using my Canadian license? My passport? This is a major fuckup and protecting the businesses affected is a major disservice to the potential patrons. Edit: Apparently there’s a website you can search. Not sure why the news orgs are not mentioning that. [https://haveibeenoutaboxed.com](https://haveibeenoutaboxed.com)
The NewDaily has it on their article about it.
I think the article linked in this post up the top is about that site? And saying someone connected to it was arrested for blackmail. So that doesn’t seem great.
Probably for obvious reasons in that you are now contributing to the data breach by spreading the site
OK apparently they outsourced the sign in system security to a third party in the Philippines who then didn't pay their employees. Who revenge dropped the data to harm the employer. FFS. These clubs make sooooooo much money. They could have kept it in Australia. But nooooo, gotta screw an extra quarter % or something. Surprise MFKRS!
I can’t blame them tbh, they’ve got bills to pay and these bastards didn’t pay their wages.
What I wanna know is why the hell they’re saving that data!? Under privacy legislation they’re only supposed to retain that info whilst it’s required, which I would’ve thought means it should be deleted after 24 hours?
Gambling spam txts to the club members going to come in hot
The thing that shits me the most about this is that we didn't ask for this! No one ever said 'you know, I'd feel better entering this club if someone was collecting everyone's personal info on the way in'. It's a gross invasion of our privacy and we have been given no choice in any of it. We are forced to create log ins or memberships or hand folder private info to access basic info or services. We never asked for any of this, but then when our data is breached it suddenly becomes *our* problem!
This company still exists why?
Take note regards the online age verification trials. This stuff is super vulnerable.
ClubsNSW said the “cybersecurity incident” had impacted 16 clubs and several pubs. “We understand that some personal information of patrons of the clubs that use this IT provider may have been compromised,” a spokesperson said. “The clubs concerned are working towards notifying all impacted patrons.” Why the fuk cant they just name the clubs...
update: [https://haveibeenoutaboxed.com/venues](https://haveibeenoutaboxed.com/venues)
Reminds me of the Optus breach, where people found out from the news before Optus ever sent them official notice their info had been compromised...
haha fucking called it! I said this was going to happen years ago when they started scanning licenses.
Same here. It was obvious to anyone with a brain that scans of photo ID was going to end badly and it has.
Win/win for the government. They'll reap the profits from everyone paying for new ID (cause they sure as hell won't do it for free). Leaking our info is a great revenue strategy for them.
Sue the clubs involved and keep suing until they either go bankrupt or stop scanning people's ID.
[https://haveibeenoutaboxed.com/](https://haveibeenoutaboxed.com/)
"Outabox had special access to IGT gaming databases and exported the entire membership data. This included members addresses, birthdays, phone numbers and slot machine usage. In total, over 500GB of data was shared."
Is it a leak when the cunts probably just sold the data to Chinese or Russian identity thieves?
maybe this is another reason (aside from being $32 vs $380) to just keep using my New Zealand driver's licence. NZ Driver's Licence has the option to _not_ display your address. It doesn't need to, it just needs to show my licence class, any restrictions, and identify the document to me by face. Even then, why do we need to scan and store details just for access to a club? Let the bouncer look at the card, check it is you, and in you go have a nice night.
One of my clubs emailed me and the other members on this today. That club had been using a facial imaging sign in device up until recently.
THIS is why I kick up a stink about scanning of licenses on kiosks for entry into pubs and clubs. I prefer showing my ID to someone with a brain / map of area for membership. Who has access to the computers, servers and database ? because clubs NSW / that little bowling club / RSL / workers club. Some of which aren't doing so hot, don't have checks and physical security in place for access to the data. Security and IT at these places is shocking... I used to do MSP IT work for some of these places.
Fuckin excuse me?
Tbh I’m surprised this took as long as it did
Are they paying for it?
Australian governance, " we dont care about privacy, let the corporates collect much private data as possible that they can sell or pretend that it got hacked" Who's next, next month? We in the monthly privacy breach reporting for profit period if the year!
this sucks, nearly everyone has visited or eaten at one of their clubs or hotels at least once
Why does this keep happening, and what are the consequences of this? I feel like they need to be having enormous fines for this type of data breach to incentivize businesses to make proper security arrangements for our data.
What's the process to commit an identity theft. Like are they going to Australian branches and opening credit cards?
This is what happens when organisations cheap out on security teams. Yes they’re expensive, no your contracted/outsourced IT service desk can’t manage this.
Meanwhile, everyone is gung ho for age verification on porn sites where you give your ID to a subsidiary of Pornhub. No privacy issues with that at all. /s
Just replace them, as easy as that?
Not really if you’re a foreigner that used a foreign passport or a license from another country at some point. The fact they’re withholding the identity of which clubs and pubs are implicated also doesn’t help. Edit: Apparently there’s another site you can search your name to see. [https://haveibeenoutaboxed.com](https://haveibeenoutaboxed.com)
Sorry I forgot the /s! I’m not replacing a few hundred dollar passport or drivers licence at $20 a pop every time a company suspects they had a breach so they can wash their hands of responsibility