LAKE Macquarie’s Ray Fairall was shocked when he learned his private data may have been lost to hackers who targeted one of the world’s largest poker machine game designers, Aristocrat Leisure, despite never having played an electronic poker machine in his life.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Fairall is a member of the Toronto Workers Club, and it was the club that sent him the letter earlier this year, warning him - along with all its other members - of the data breach.
The full scope of the material the hackers had gained access to when they attacked an Aristocrat cloud system earlier this year was staggering. Any identification documents the club’s 20,000 members had used to sign up with, including driver’s licenses, pensioner cards and even passports were included, as well as names, address and phone numbers.
Mr Fairall said he was shocked to learn that Aristocrat had access to so much personal information about him in the first place, especially since he does not use gaming machines.
It was explained that the Toronto Workers Club had provided the information to Aristocrat, which was building a venue management system for the club.
Since club members can use their loyalty cards to sign into the club and to gather reward points for purchases, Mr Fairall understands Aristocrat has records of his activities at the club.
It is understood that Aristocrat provides these systems for about 20 percent of the state’s pubs and clubs.
Now the independent MP Andrew Wilkie, a prominent opponent of the pokie industry, wants to know how many people Aristocrat holds such data on.
He also wants to know what data it has, and whether it stores information on people’s gambling patterns.
In April he wrote to Aristocrat asking how many Australians it held personal information on, and for assurances that such data could not be accessed again.
In its response, seen by Fairfax Media, Aristocrat says as soon as it discovered the breach it notified the club, the police, the public and regulatory bodies.
The company says there is no evidence that any of the data has been used by hackers, but it does not make clear how many people in NSW it holds data on.
A spokeswoman for Aristocrat told Fairfax Media the company is unable to answer the question, because to do so it would need to improperly aggregate and access the data.
She says the data is not collected in a single system and is not used for any purpose other than to manage each individual customer’s systems.
"To answer the question 'how many people does Aristocrat hold information about’ would require us to aggregate and analyse customers’ data in a way that we never do, and would never be permitted to do.
"As we have made clear in our written response to Mr Wilkie, any data provided by customers is held and used under individual software management and service agreements within our systems business.
"Such agreements are standard across the software management sector, whether companies are in gaming or not, and strive to ensure data is protected and properly managed.”
But Mr Wilkie remains concerned.
“In a time of Facebook and Cambridge Analytica, people are right to be concerned about who has data about them and how it used.”
He believes it is particularly concerning that a company that builds poker machines and the games that run on them have so much information about gamblers and pub and club patrons.
And Ray Fairfall remains skeptical too. “If they are gathering information about us in Toronto they are doing it everywhere, Toronto is at the end of the world,” he said.
Mr Fairfall is also unsatisfied with the club’s response. He says that in the letter he received from the club it was suggested that if he was concerned he should consider getting regular credit checks.
He notes that if all of the clubs members did that it would cost millions of dollars. “Who bears the cost? Who bears the responsibility?”
The Toronto Workers Club declined to comment when contacted by Fairfax Media.
A spokesman for ClubsNSW said in a statement that the organisation, “has taken steps to ensure that any service provider acting for clubs in this area meets their legal requirements to protect members’ personal information."