Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
National
Luke Costin

Alleged data leak blackmailer could face years in jail

Cybercrime detectives have charged a Sydney man with blackmail after online threats were made to expose one million identity records of Australian club and pub patrons.

The website, uncovered this week, had published the details of people who used their drivers' licences and other personal details to sign in at 17 venues across the NSW and the ACT.

It has prompted calls for better data handling and changes to mandates requiring all 1200 registered clubs in NSW to capture identity data of patrons.

Data about NSW Premier Chris Minns and Deputy Premier Prue Car was reportedly among the information exposed before police flooded the site with requests to prevent further leaks.

Police said the breach was believed to be of a third-party provider.

NSW Premier Chris Minns
Data about NSW Premier Chris Minns was reportedly among the information exposed. (Dan Himbrechts/AAP PHOTOS)

The website contained allegations of a corporate dispute with software developers and poor data handling practices, including sending data offshore.

But the leak had an integral player on Australian shores in a suburban home in southwestern Sydney, police allege.

Heavily armed police arrived at a Fairfield home on Thursday afternoon before detectives arrested a 46-year-old, dressed in jeans and thongs.

After a night in custody, he was charged with a blackmail offence and released on conditional bail.

If convicted, he faces a maximum of 10 years in prison.

The man is due to face Fairfield Local Court on June 12.

Police are urging patrons to wait until they are advised they have been affected by the breach before changing any details.

But privacy protection expert Philip Bos said the breach illustrates how Australians are often forced to hand over information to organisations that don't know how to handle confidential data correctly or safely.

Some affected clubs had already severed contracts with the third-party provider, including in one case because it was sending data offshore.

Registered clubs are required by law to document and store the personal details of patrons entering their venues in NSW.

Alliance for Gambling Reform said the breach could have been avoided by a centralised, secure universal cashless gambling card system.

"This breach highlights just how unaccountable clubs are and how haphazard they are with the mountain of private information they routinely collect from the public, without direct consent," chief executive Carol Bennett said in a statement.

The exposed records include patrons' individual entries, meaning some of the 1.05 million records will be near-duplicates.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.