ClubsNSW venue data breach: Fairfield West man arrested in Sydney after more ... trends now
A man has been arrested after sensitive details of more than a million patrons who visited licensed venues across NSW were exposed in a major security breach.
NSW Police were alerted to a website which had published details of patrons who used their drivers' licences to check into 17 clubs and clubs across the state.
Prominent politicians are reportedly among those who may have had their details compromised.
Officers from the State Crime Command's Cybercrime Squad formed Strike Force Division and worked closely with federal and state agencies to contain the breach.
Following extensive inquiries, detectives raided a Fairfield West home in Sydney's south-west on Thursday afternoon and arrested a 46-year-old man.
He was taken to Fairfield Police Station where he's expected to be charged with blackmail.
Dramatic footage of the raid released by police showed up to 10 armed police officers storming the home on a quiet suburban street to execute
They were followed by plain-clothed detectives.
Officers from NSW's Cybercrime Squad arrested a 46-year-old man during a raid in Fairfield West on Thursday afternoon
Dozens of officers raided the Fairfield West home in Sydney's south-west
Detective Chief Superintendent Grant Taylor said the leak was live for 'a number of days' but 'only really became known to the public in the last 24 hours to 48 hours'.
'We believe it's a breach of a third party provider,' he told reporters.
Seventeen venues were affected by the breach which police believe was compromised when a third-party IT provider contracted to collect the data sent it offshore to another contractor.
Registered clubs are required by law to document and store the personal details of patrons entering their venues in NSW.
One club affected by the data breach posted to Facebook that it used the provider from January 2021 to October 2022, but no longer used their services.
Club Old Bar said it had started an investigation and was working with the provider to identify the extent to which any data relating to the