Close this search box.

Investigation Underway for Major Data Breach Impacting Over 1 Million NSW Club and Merivale Customers


A significant data breach has reportedly exposed personal details of over 1 million customers from at least 16 licensed clubs in New South Wales (NSW), including those of key government officials. Cybercrime detectives are actively investigating the situation after an unauthorized website claimed to have leaked the information.

The IT provider, Outabox, has acknowledged a breach in a client-used sign-in system by an “unauthorised” third party. Outabox is coordinating with law enforcement to delve into the specifics of the breach while complying with ongoing legal constraints due to the active police investigation.

Among the compromised data are details of NSW Premier Chris Minns and other high-profile government figures. The breach impacts customers who visited these venues, as per state regulations requiring clubs to collect and securely store patron information.

The affected clubs include:

  • Breakers Country Club
  • Bulahdelah Bowling Club
  • Central Coast Leagues Club
  • Mex Club Mayfield
  • City of Sydney RSL
  • East Cessnock Bowling Club
  • Fairfield RSL Club
  • Gwandalan Bowling Club
  • Halekulani Bowling Club
  • Hornsby RSL Club
  • Ingleburn RSL Club
  • Merivale
  • Club Old Bar
  • Club Terrigal
  • The Tradies Dickson
  • Erindale Vikings
  • Not just members affected

Officials have stated that the breach stemmed from a third-party vendor and was not a direct hack. ID Support NSW has stepped in to assist those affected and to mitigate potential identity theft risks.

As the investigation continues, ClubsNSW is reaching out tA o potentially impacted patrons to warn them of the breach and advise caution, particularly regarding phishing scams and suspicious communications.

Such incidents underscore the critical importance of robust incident response strategies and regular penetration testing to identify vulnerabilities before they are exploited.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →