East Maitland Bowling Club has been wrongly caught up in a data breach which is believed to have released the records of more than one million people online.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
NSW Police is investigating the claims affecting the records of visitors to hospitality venues in NSW and the ACT.
East Maitland Bowling Club President Bill Hopkins was quick to allay the fears of the club's 19,000 members who may have been worried that their personal details had been compromised.
"We are not part of this breach - we were incorrectly added to the list of clubs that were hit," Mr Hopkins said.
"We found out yesterday there had been a breach made and our CEO was quickly on the job checking with Clubs NSW and the company involved," he said.
"We have learned we were incorrectly added to the list, why that happened we don't know but we are not affected," Mr Hopkins said.
He said the club has been inundated with calls from concerned members.
"We're trying to get the information out there that we have not been caught up in this breach and we have taken special steps to ensure this does not happen," Mr Hopkins said.
"It's important we get the message out there that everything is ok."
The data breach involves a third-party IT provider called Outabox used by venues such as RSLs and clubs for digital sign-in services.
East Maitland Bowling Club does not use this IT provider.
It's claimed the data involved includes facial recognition biometrics, scans of driver licences, signatures, club membership data, addresses, birthdays and details about visits to venues such as slot machine usage.
Other venues named include Breakers Country Club in Wamberal, Buladelah Bowling Club, Central Coast Leagues Club, Mex Club Mayfield, East Cessnock Bowling Club, Gwandalan Bowling Club, Halekulani Bowling Club, Club Old Bar, Club Terrigal, West Tradies in Dharruk, and The Tradies Dickson and Erindale Vikings in the ACT.
In NSW registered clubs are required by law to collect personal information from patrons entering the venue.
In a statement on its website Outabox said it had notified the relevant authorities and were "working as a priority to determine the facts around [the] incident".
"We are restricted by how much information we are able to provide at this stage given it is currently under active police investigation," the company said. "We will provide further details as soon as we are able to."
Bulahdelah Bowling Club is one of the venues named in the breach and said it had previously used Outabox for its electronic sign-in system but hadn't been associated with the company for "several months".
"We are hoping that the impact on our club will be minimal or zero, given that we no longer deal with Outabox," the club said on Facebook.
"However, if we discover that the data breach has had any effect on our club or our members, we will advise further."