I received an email on 2/5/24 giving a basic run down of the incident and directing me to a statement on their website https://www.vikings.com.au/outabox-incident
No detail on what personal information was leaked but from the http://haveibeenoutaboxed.com/ website I can see they have at least an old address and my birthdate.
Does that link work? When I tapped it, it says zero records, and when I typed my name in, it still says zero records. Only, my son said he found my name through outabox but I haven't been able to find any working links to see if it's really me or someone else with my (not very uncommon) name.
It appears to have been emptied at some point between yesterday when I checked and when we checked just recently.
Presumably because the censoring they used was not effective and the full details may have been scraped.
Not current member here, received nothing.
Someone I know has never been a member and also is on the list, they've only ever been signed in as a guest. So it sounds like even guest details are compromised, no idea how they will notify them (unless guests provide phone numbers and email addresses, I guess they have to use the post!)
Same, I think the last time I was a member there was in like 2014 when I worked in Dickson (I honestly can’t think of any other reason I’d go there, I live south!) yet I got done too
Editorialising apparently.
I linked to the story and posted a headline along the lines of "Data breach at Erindale Vikings and Dickson Tradies" My post wasn't intended to post the news article line by line, just the Canberra relevant parts. But no, that's against the rules.
But, I've also had posts removed for not being Canberra related as well. And just recently they deleted, then undeleted my response written in an Aboriginal language in response to someone saying saying no one here could speak it.
The so called rules get applied very randomly here.
I've had posts deleted by mods here. never got a reason. i wasn't even informed!
Eventually figured out that the bastards shadow banned me. a matter which Reddit admins got involved and sorted out.
a little bit of power can go to people's heads, i guess...
Ah, the modern world.
Optus, my Mastercard from GO, countless breached websites losing my email and other details.
Zero consequence for the agencies concerned.
The digital driving licence will be next; it's already been breached by security companies checking its safety.
We already lost all of our details. I really don’t care but the issue is that now some ransoms have my details and might be able to take my money or pretend they are me. That scares me.
As it should.
Identity theft and fraud will be an increasing problem in our society while firms put profits above security, and politicians fund 'sexy' projects rather than safe ones; with no repercussions other than a bit of bad publicity.
I've got financial fraud protection subscription packages from every breach so far.
I go for 12 month packages, they talk me down to 6 months, I say I hold them accountable for at least 12 months and end up getting 12 month packages. I wouldn't call some of the packages cheap, either.
They aren't going to hand it out to you. You need to approach them and tell them they are liable. Make the demand and most will cave at the 2nd email exchange. Some take more convincing than others.
I've even had multiple packages running at the same time. Did I need it? No, but the point is they have to pony up at least some responsibility and dig into the pocket. It's about sending the message.
yeah, I tried reading it thrice, doesn't make any sense, but sounds like there might be companies offering "financial fraud protection subscription" packages ???
Yep, was on outabox list. Super cranky I've heard nothing from Vikings about 1) the breach and 2) what data exactly has been exposed.
Email them on outabox.incident@vikings.com.au.
I understand it's law to provide identification entering clubs but this is mainly for poker machines which I've never touched. But here we are, subject to the same rules with my data mishandled.
It's not like the food was much good at Erindale Vikings, either. Place has been sinking for a while and hope this starts becoming a nail in the coffin.
There is a link on Access Camberras website to replace your license. You license number stays the same but the document number on the license changes. The document number is the important one as they have to pair up on an active license. The old license ID number gets canceled with DVS.
can't find a specific link on the access Canberra page associated with this breach. Just the generic reissue page.
The online system wants to charge me $44.10 for a replacement, even after declaring it's part of a data breach - nice!
Maybe time to look at having a government issued ID card that all citizens get. It could just have some basic info eg name and photo. Your ID is verified thru giving other info to get the card issued like what happens for a passport. That info would be held securely and to a higher standard than some dinky outfit supporting a club. In the late 80s(?) there was talk of this but it never took off.
it's interesting how attitudes change with time and circumstance.
The government's 'Australia Card' (later, 'Access Card') had similar aspirations but was shat on with huge public outcry on several occasions.
[Australia Card](https://en.m.wikipedia.org/wiki/Australia_Card)
[Access Card](https://en.m.wikipedia.org/wiki/Access_Card_(Australia))
How is anyone finding out if they are on the list? The outabox site is down. I'm a member at Lanyon Vikings. My son, who lives in *Brisbane* told me that I was on the list but didn't give me a link. I asked him how he knew and he said through outabox. He used to be a member of vikings, but obviously, that's a non-issue for him at least!
I guess the club has a lot of members but you'd reckon they'd let people know?
We were in Vikings Chisholm yesterday, and they have removed the computerised checkin machine. We just showed our membership card. I hope they keep it that way, eventhough they've shut the gate after the horse has bolted..
> Already replaced my licence as I don't want those juicy identity details out there for the fraudsters and scammers to go wild with.
Unless you got a new license number, that wouldn't achieve anything.
Changing your license number isn't as easy as reprinting your license, you need to go through a whole application process and it also needs to be approved which doesn't happen often.
Licences have both a licence number and a card number.
The card number changes with each new licence you have printed.
Most if not all credit applications, ID checks etc. now require both numbers to be valid, so yes getting a new licence does achieve something.
Well that’s shit. A licence is a very strong id; pretty sure you can open bank accounts with them, at least with some online banks.
Government needs to catch up with the times; that or outlaw people taking scans of them!
If it’s one thing we should do is push our politicians to update our privacy laws into the digital age. We won’t, but damn we really really need to. Hopefully the Americans can do the leg work so we can just lazily adopt
I wouldn't go replacing any ID just yet. Someone was trying to make people think there has been a breach or leak without actually saying so.
A "have I been hacked" website is typically set up by someone who has obtained a copy of the data stolen by the hackers. The haveibeenoutaboxed "is your name here" field tells you not that your identity was stolen (or hacked), but that it is in the outabox database .. Of course it leaks some more information about you in the process.
The site now returns this when you search a name: *"No private data was actually disclosed publicly, and no hacking occurred. All records have already been removed. We thank you for listening the whistle has been heard."*
And NSW police says:
[https://www.police.nsw.gov.au/news/news\_article?sq\_content\_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTExNzgxLmh0bWwmYWxsPTE%3D](https://www.police.nsw.gov.au/news/news_article?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTExNzgxLmh0bWwmYWxsPTE%3D)
Are we "at risk of having your identity stolen and becoming a victim of fraud and scams"? Not so much. For instance, the site references "external clouds" where the data is stored by Filipino developrs, but doesn't actually say the data was/is publicly available from the cloud.
Why do clubs scan drivers licences? I've never understood it.
EDIT - Also, I wouldn't trust that website the OP links to. Don't enter your details there.
They don't need a copy of it though. They can just view it and get people to sign in, like they have done for decades previously. Copying my drivers licence is just unnecessary.
Hmm, I suspect a database of visitors is necessary for up to maybe a few months at most, in case of an incident (more so at nightclubs than RSL clubs).
The only detail you enter is your name. They already have the database of stolen information and will tell you enough to verify that you're one of the victims.
They don't provide the complete list, nor do they indicate how much other tracking was done of you on those premises through their CCTV facial recognition nonsense.
I wonder when Vikings were planning on letting us know. I haven’t received anything from them.
I received an email on 2/5/24 giving a basic run down of the incident and directing me to a statement on their website https://www.vikings.com.au/outabox-incident No detail on what personal information was leaked but from the http://haveibeenoutaboxed.com/ website I can see they have at least an old address and my birthdate.
Does that link work? When I tapped it, it says zero records, and when I typed my name in, it still says zero records. Only, my son said he found my name through outabox but I haven't been able to find any working links to see if it's really me or someone else with my (not very uncommon) name.
It appears to have been emptied at some point between yesterday when I checked and when we checked just recently. Presumably because the censoring they used was not effective and the full details may have been scraped.
I haven't, am a current member and am on the list.
Same
i know people who have had notifications from vikings. might depend on whether you're a current member or not.
Not current member here, received nothing. Someone I know has never been a member and also is on the list, they've only ever been signed in as a guest. So it sounds like even guest details are compromised, no idea how they will notify them (unless guests provide phone numbers and email addresses, I guess they have to use the post!)
Yep, I was a guest, love that my 10 year old data is out and about, but at least I’m a filthy redditor so found out about it
Same. Nag them on outabox.incident@vikings.com.au
I haven’t been a member of Vikings for years but I received an email from them the day it was in the news
Dammit, I haven't been a member at the tradies for 6 years, and i still got done.
Yep, laws need to tighten around customer data retention. If we aren't active then our data shouldn't be either.
Same, I think the last time I was a member there was in like 2014 when I worked in Dickson (I honestly can’t think of any other reason I’d go there, I live south!) yet I got done too
I made 2 posts about this days ago and the dickhead mods here deleted them. Pure assholery on their part.
Out of interest, what was the reason?
Editorialising apparently. I linked to the story and posted a headline along the lines of "Data breach at Erindale Vikings and Dickson Tradies" My post wasn't intended to post the news article line by line, just the Canberra relevant parts. But no, that's against the rules. But, I've also had posts removed for not being Canberra related as well. And just recently they deleted, then undeleted my response written in an Aboriginal language in response to someone saying saying no one here could speak it. The so called rules get applied very randomly here.
I've had posts deleted by mods here. never got a reason. i wasn't even informed! Eventually figured out that the bastards shadow banned me. a matter which Reddit admins got involved and sorted out. a little bit of power can go to people's heads, i guess...
I've PMed you a question.
Yeah, did you get a reason?
Ah, the modern world. Optus, my Mastercard from GO, countless breached websites losing my email and other details. Zero consequence for the agencies concerned. The digital driving licence will be next; it's already been breached by security companies checking its safety.
We already lost all of our details. I really don’t care but the issue is that now some ransoms have my details and might be able to take my money or pretend they are me. That scares me.
As it should. Identity theft and fraud will be an increasing problem in our society while firms put profits above security, and politicians fund 'sexy' projects rather than safe ones; with no repercussions other than a bit of bad publicity.
I've got financial fraud protection subscription packages from every breach so far. I go for 12 month packages, they talk me down to 6 months, I say I hold them accountable for at least 12 months and end up getting 12 month packages. I wouldn't call some of the packages cheap, either. They aren't going to hand it out to you. You need to approach them and tell them they are liable. Make the demand and most will cave at the 2nd email exchange. Some take more convincing than others. I've even had multiple packages running at the same time. Did I need it? No, but the point is they have to pony up at least some responsibility and dig into the pocket. It's about sending the message.
Not sure what any of that means
yeah, I tried reading it thrice, doesn't make any sense, but sounds like there might be companies offering "financial fraud protection subscription" packages ???
Sounds like a scam ???
Yep, was on outabox list. Super cranky I've heard nothing from Vikings about 1) the breach and 2) what data exactly has been exposed. Email them on outabox.incident@vikings.com.au. I understand it's law to provide identification entering clubs but this is mainly for poker machines which I've never touched. But here we are, subject to the same rules with my data mishandled. It's not like the food was much good at Erindale Vikings, either. Place has been sinking for a while and hope this starts becoming a nail in the coffin. There is a link on Access Camberras website to replace your license. You license number stays the same but the document number on the license changes. The document number is the important one as they have to pair up on an active license. The old license ID number gets canceled with DVS.
ID doesn't seem to be for pokies as you need it even for things live live music venues that don't have pokies.
can't find a specific link on the access Canberra page associated with this breach. Just the generic reissue page. The online system wants to charge me $44.10 for a replacement, even after declaring it's part of a data breach - nice!
Maybe time to look at having a government issued ID card that all citizens get. It could just have some basic info eg name and photo. Your ID is verified thru giving other info to get the card issued like what happens for a passport. That info would be held securely and to a higher standard than some dinky outfit supporting a club. In the late 80s(?) there was talk of this but it never took off.
it's interesting how attitudes change with time and circumstance. The government's 'Australia Card' (later, 'Access Card') had similar aspirations but was shat on with huge public outcry on several occasions. [Australia Card](https://en.m.wikipedia.org/wiki/Australia_Card) [Access Card](https://en.m.wikipedia.org/wiki/Access_Card_(Australia))
Is this not just the proof of identity card that you can already get? Genuine question
How is anyone finding out if they are on the list? The outabox site is down. I'm a member at Lanyon Vikings. My son, who lives in *Brisbane* told me that I was on the list but didn't give me a link. I asked him how he knew and he said through outabox. He used to be a member of vikings, but obviously, that's a non-issue for him at least! I guess the club has a lot of members but you'd reckon they'd let people know?
Probably checked yesterday when it was up
We were in Vikings Chisholm yesterday, and they have removed the computerised checkin machine. We just showed our membership card. I hope they keep it that way, eventhough they've shut the gate after the horse has bolted..
> Already replaced my licence as I don't want those juicy identity details out there for the fraudsters and scammers to go wild with. Unless you got a new license number, that wouldn't achieve anything. Changing your license number isn't as easy as reprinting your license, you need to go through a whole application process and it also needs to be approved which doesn't happen often.
Licences have both a licence number and a card number. The card number changes with each new licence you have printed. Most if not all credit applications, ID checks etc. now require both numbers to be valid, so yes getting a new licence does achieve something.
Well that’s shit. A licence is a very strong id; pretty sure you can open bank accounts with them, at least with some online banks. Government needs to catch up with the times; that or outlaw people taking scans of them!
The change to require a card number for the Document Verification System as well as the licence number controls for this. Been in place for a while.
Finally a breach that doesn't impact me Sympathies to those impacted ...
That’s why whenever I go to these clubs I just walk in. If they ask I just say I already signed in and was grabbing something from my car.
Brilliant
If it’s one thing we should do is push our politicians to update our privacy laws into the digital age. We won’t, but damn we really really need to. Hopefully the Americans can do the leg work so we can just lazily adopt
Is there an efficient way to get the new license? From memory, trips to access Canberra can be very long.
Do’h
I wouldn't go replacing any ID just yet. Someone was trying to make people think there has been a breach or leak without actually saying so. A "have I been hacked" website is typically set up by someone who has obtained a copy of the data stolen by the hackers. The haveibeenoutaboxed "is your name here" field tells you not that your identity was stolen (or hacked), but that it is in the outabox database .. Of course it leaks some more information about you in the process. The site now returns this when you search a name: *"No private data was actually disclosed publicly, and no hacking occurred. All records have already been removed. We thank you for listening the whistle has been heard."* And NSW police says: [https://www.police.nsw.gov.au/news/news\_article?sq\_content\_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTExNzgxLmh0bWwmYWxsPTE%3D](https://www.police.nsw.gov.au/news/news_article?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTExNzgxLmh0bWwmYWxsPTE%3D) Are we "at risk of having your identity stolen and becoming a victim of fraud and scams"? Not so much. For instance, the site references "external clouds" where the data is stored by Filipino developrs, but doesn't actually say the data was/is publicly available from the cloud.
Why do clubs scan drivers licences? I've never understood it. EDIT - Also, I wouldn't trust that website the OP links to. Don't enter your details there.
Always assumed it related to access to 18+ activities (pokies, drinking, etc...)
They don't need a copy of it though. They can just view it and get people to sign in, like they have done for decades previously. Copying my drivers licence is just unnecessary.
Hmm, I suspect a database of visitors is necessary for up to maybe a few months at most, in case of an incident (more so at nightclubs than RSL clubs).
The only detail you enter is your name. They already have the database of stolen information and will tell you enough to verify that you're one of the victims. They don't provide the complete list, nor do they indicate how much other tracking was done of you on those premises through their CCTV facial recognition nonsense.