A massive potential identity fraud risk has been uncovered, with cybersecurity crime squad detectives looking into data breaches at hospitality venues across NSW.

The Cybercrime squad detectives say there is a threat of sharing the personal details of over one million people.

Shadow Minister for Gaming and Racing Kevin Anderson said the Minns Labor Government is running the risk of losing public confidence over the efficacy of their trial into cashless gaming.

"The Minister must ensure that the cashless gaming trial protects all participants, or risk losing the public confidence in the government’s pokies plan," he said.

This comes after the NSW Government’s Independent Panel on Gaming Reform agreed on a bigger and broader cashless gaming trial last December.

This expanded trial included around 4500 machines across 28 clubs and hotels across 24 metropolitan and regional local government areas.

To participate in the trial, minimum requirements included harm minimisation protections, anti-money laundering protections, data security and privacy protections.

Five technology providers were given conditional approval to participate in the extended trial, subject to essential cybersecurity requirements.

“There has been a lack of information from the Labor Government about the panel’s work and that’s causing concern from the community and the industry who are seeking confidence when it comes to privacy protections,” Mr Anderson said.

During the cyber breach in early May, officers attached to State Crime Command’s Cybercrime Squad were alerted to a website which had published the personal information of patrons who signed-in using their drivers’ licences at specific premises across NSW.

One premises was the Hornsby RSL Club who told its members they deeply regret any distress, concern or inconvenience this has caused.

In part, their statement read as follows -

'At 1900 hours on 29 April 2024, Hornsby RSL Club was informed that one of our former external service providers suffered a cyber security incident. Our internal IT systems have not been impacted.

The impacted provider supplied technology and services to assist us with our Club sign-in process from 1 January 2021 to 31 July 2023.

We have been informed that data held by the provider has recently been taken and posted onto the internet.'

Commander of the Cybercrime Squad, Detective Acting Superintendent Gillian Lister, said this breach should act as a remind for people to check their personal cyber security.

The Minns Government has already implemented a number of reforms to reduce gambling harm and prevent money laundering: 

• reduced the cash input limit from $5,000 to $500 for all new poker machines from 1 July 
• reduced the state-wide cap on gaming machine entitlements by more than 3000 
• banned political donations from clubs involved in gaming
• removed VIP gaming signage across NSW
• invested $100m into gambling harm minimisation over the next four years.

Mr Anderson is not satisfied.

Kevin Anderson MP

“The Minister needs to make the work of the panel public to restore confidence in process of moving to cashless gaming in NSW and must provide transparency on what the Government is doing to protect the privacy of trial participants" he said.

“The Government needs to provide certainly that they have the issue under control and their trial has not been jeopardised. This is not the first time a cyber breach has occurred and while the hospitality industry is keen to proceed with a cashless gaming, this latest breach is a major setback and a clear reminder that more work needs to be done on privacy and data protection.

 Commander of the Cybercrime Squad, Detective Acting Superintendent Gillian Lister, said this breach should act as a remind for people to check their personal cyber security.

“Now is the optimal time to make sure your cyber hygiene is good; you have strong passwords and are using two-factor authentication where possible,” Det A/Supt Lister said. “If you think your details may have been compromised, use extra caution when reviewing emails or texts and never click on a suspicious or unfamiliar link.

“Always make sure to report incidents of cybercrime through the Australian Cyber Security Centre or Scamwatch.”