Tens of thousands of members of two Canberra clubs have had private information taken in a data breach.
The Erindale Vikings Club and the Tradies Club in Dickson were both assessing the situation after members' information was taken by an outside group. Some of it has been posted online.
An expert warned of the danger of "identity theft" as the clubs assessed the damage.
"We are outraged members' data may have been posted online," Zach Smith who chairs the Canberra Tradesmen's Union Club (The Tradies) said.
The breach was revealed by the Outabox company which designs systems to collect information on club members.
Vikings chief executive Anthony Hill said: "We have notified 40,000 members individually and through a post on our website notifying them of the Outabox data breach.
"We understand this news may cause concern to our staff, clients and their customers, and we thank them for their support and patience as we work to resolve this as swiftly as possible.
"We have an incident response team working around the clock to gather as many facts as possible and to communicate to our members and staff.
"We are still non-the-wiser of the data that has been accessed. As it stands, we do know patrons' names, date of birth (partially redacted) and address (partially redacted) have been made available through a web page by the perpetrator," Mr Hill, chief executive of the Vikings, said.
Police arrested a man in a Sydney suburb on Thursday afternoon. The Canberra clubs were among a group of victims including clubs in New South Wales.
"Cybercrime Squad detectives investigating an alleged data breach threatening to share the personal details of over one million people have arrested a man in Fairfield West," the NSW police said.
It is not clear what the taker of the information could do with it but one expert warned that if it also turns out to be driving licence and credit card details, there was a real risk of identity theft where a fraudster can impersonate a person to get money or goods.
"You have the ability to impersonate them through online shopping, online health, accessing existing accounts," Sam Spencer of Aristotle Metadata said.
"If I know enough about you, I can access other sensitive information."
The breach was revealed by the Outabox company which designs systems to collect information on club members.
Its statement said: "Outabox has become aware of a potential breach of data by an unauthorised third party from a sign-in system used by our clients. We are working as a priority to determine the facts around this incident, have notified the relevant authorities and are investigating in cooperation with law enforcement."