Proudly supported by

Australian Government logo


Resources Hub / Boost your cyber resilience / Lessons from the ClubsNSW attack

Lessons from the ClubsNSW attack



The lesson for small businesses

Council of Small Business Organisations Australia (COSBOA) CEO Luke Acterstraat says for small businesses such as clubs, it’s critical to ensure the data of their patrons is protected.

“When customer information is leaked, you lose the trust of your patrons and this can really set your business back,” he says.

“We’re warning everyone to be extra vigilant in watching for scams and secondary attacks that follow major data breaches such as this latest attack.” 

Clubs should also review what sensitive patron data they are storing, and what information they  actually need to keep. 

The ClubsNSW incident highlighted that it’s not large companies such as Optus and The Iconic in the sights of cyber criminals. In fact, about 80 per cent of small businesses have faced an online threat, either personally or professionally. 

But many small businesses continue to underestimate their vulnerability, with only a third of owners and employees concerned about an attack.

What are the risks after a data breach?

Unfortunately, cyber criminals are becoming craftier by the day, and it’s not only the initial attack that’s cause for concern.  

Few Australians consider the possibility of a secondary attack that can follow major data breaches. 

It will depend on the incident, and the type of information that was involved. But a data breach may lead to your online accounts, such as banking, being compromised. 

It could also leave you vulnerable to scams and identity theft. 

Credential stuffing is one type of cyber attack that targets people who have previously had their usernames, emails or passwords stolen in a data breach. 

It makes them vulnerable to a second, more dangerous attack, as cyber criminals have wedged open the door to your personal data.  

They can then reuse the email and password combinations to get access to more of your accounts, and more of your personal data

How can I protect my data — and my customers’ data — from cyber criminals?

Being prepared is the best defence against cyber attacks in our digital world. 

Before handing over all of your personal information to an organisation, stop to think about what you need to share. Ask yourself if they really need your home or email address for the service they are providing? 

Equally, as a small business, it’s important to review what customer data you are storing, if it’s safe, and if you need to keep it all. 

There are some other simple ways you can lock your virtual door to cyber criminals and reduce the risk of cyber threats.

  • Defend against digital break-ins with up to date software
    Ensure every device is set to automatically update software
  • Set a virtual security alarm with multi-factor authentication (MFA)
    MFA adds another roadblock for hackers trying to force entry into your business.
  • Bounce back with back ups
    In the event of an attack, back ups allow you to recover and keep your business trading
  • Become a Cyber Warden
    If you’re a small business owner and employee and concerned about cyber safety, our Cyber Wardens eLearning is a great place to start learning. Backed by the Australian Government, it’s free and you don’t have to be an IT wizard to understand it.

I went to one of those clubs. Is my data at risk?

If you have been to one of the clubs involved in the data leak, you should be on the lookout for suspicious activity.

This includes being alert to scams, not clicking on links in emails and texts from unknown or suspicious senders, and checking your bank statements for any transactions you don’t recognise.

ABC reported more than 17 clubs were impacted. 

Clubs NSW says in a statement that it is “concerned about the potential impact on individuals and encourages clubs and hospitality venues to notify patrons whose information is affected”.

If you are worried but haven’t been contacted yet, get in touch with the venue directly.

The organisation is also directing members of the public to the government agency  ID Support to help reduce their risk of identity theft.

With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.


Learn easy and simple cyber security tips for your small business


More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.