Update regarding third-party supplier data incident

Published: Thursday 8 August 2024

Following a detailed investigation, Vikings Group is now able to provide a further update on the data incident involving a former external service provider of our sign-in terminals. 

We have been in regular discussions with the service provider to gather more information to help us with our investigations and assessment of the incident. We have now received substantial information to assist with our understanding of and investigations into the incident.

Based on the information received and our investigations to date, we can now share the following:

  • the individual believed to be responsible for the incident has been identified, arrested and charged, with their assets seized; 

  • the background circumstances suggest the individual’s motivations were not to misuse any personal information;

  • the website is no longer accessible.

We also understand that only limited information was viewable on the website involved. Importantly, this did not include any identity information such as driver’s licence details or other sensitive information. In light of the unique circumstances surrounding this incident, it is considered that the information involved in this incident is not at risk.

We want to take this opportunity to apologise for the concern this incident may have caused. We greatly value and appreciate the support and feedback we have received from our members and our guests throughout this process.

As a general precaution, we encourage you to please remain vigilant against potential scams and monitor for any suspicious activity, including any communications by phone or email that request information or payments. We provide further cyber safety guidance below that you may want to consider.

We are taking proactive internal steps to further strengthen our security measures to safeguard against future incidents. This includes a thorough review of our IT security and internal data policies, as well as enhancement to our existing cybersecurity protocols. It is also important to highlight that there were no breaches in our own IT security systems.

We sincerely thank all our community for their patience and understanding while we investigated this matter. We continue to work with the third-party provider and the relevant authorities in response to this incident. Should further information come to light as a result of these investigations, we will take all necessary action in response and provide further updates as required.

If you have any questions, please contact our incident support team via email on privacy@vikings.com.au or contact our dedicated 24/7 call centre support team on 1800 319 559.

 
 

Important update regarding the data incident

Published: Thursday 7 May 2024

Following our notification about the data incident last week, we would like to assure you that we remain committed to determining the extent to which our data may be involved, and will continue to provide further updates as additional information becomes available. NSW Police has since charged an individual in connection with this incident – more information about this can be found on the NSW police.

While investigations are underway, we urge our members to remain vigilant against suspicious communications. For the latest updates and guidance on staying Cyber Safe, please visit our website. If you have concerns about your personal information, ID Support NSW is available to assist - they can be reached by calling 1800 001 040 or through their website. 

We would like to thank our members for their patience and support while this investigation is ongoing, and we will continue to provide updates as more information becomes available.  For any inquiries about this incident, please reach out to us at privacy@vikings.com.au.

 
 

Important information regarding an data incident

Published: Thursday 2 May 2024

Vikings Group is aware of an incident involving a third-party provider of sign-in terminals which has resulted in the potential misuse of data it holds.

We understand that this incident has impacted several pub, clubs and restaurants within NSW and ACT that use these terminals for similar sign-in procedures, and the extent of the impact is being investigated as an utmost priority. 

We would like to assure our members that we take the protection of our data seriously and are working hard to gain a clearer picture from the third-party provide of the extent of this incident and to ensure appropriate support is provided to any individuals who are found to be affected.  

As part of the services the third-party provides to our clubs, it holds some membership information. We are actively investigating the extent of the impact to our membership information and we will keep our members updated as soon as more information becomes available.

We understand that the relevant law enforcement agencies have been informed and are investigating. We have also informed the Office of the Australian Information Commissioner (OAIC) and will continue to work with all relevant authorities in response to this incident.

While the investigation is ongoing, we urge our members to remain vigilant to suspicious communications at this time – we have provided some guidance below which may be helpful.

If our members receive any suspicious communications that claim to be from Vikings Group, we ask that they do not respond and inform us by emailing privacy@vikings.com.au so we can ensure this is escalated and appropriate support is provided.

 
 

Be Cyber Safe

We recommend you remain vigilant against the risk of phishing emails and scams, which are often the most likely risk associated with any unauthorised access to information.

Scam calls and phishing emails are becoming increasingly sophisticated and can appear to come from legitimate email addresses and phone numbers with local area codes. They will often claim to be from a reputable organisation, such as a government entity, bank, or telecommunications agency. They will also create a sense of urgency to try to get you to disclose sensitive information or to elicit funds from you.

In light of this incident, we urge extra precaution around any communications (particularly calls or text messages) that claim to be from Vikings Group.  

As detailed above, if you receive any suspicious communications that claim to be from Vikings Group, we ask that you do not respond and inform us by emailing privacy@vikings.com.au so we can ensure this is escalated and appropriate support provided.

What precautionary steps can I take?

We recommend you take the following steps to help keep your information secure online:

  • Be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;

  • When on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with https://;

  • If you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;

  • Enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;

  • Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts; and

  • Follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here: www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.

For more information on cyber security, you can visit the OAIC’s tips for further guidance about protecting your identity: www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.

If you have any concerns regarding your personal information, ID Support NSW is providing assistance to any individuals who believe they may be affected by this incident. They can be contacted by phone on 1800 001 040 or via their online form: www.nsw.gov.au/id-support-nsw/contact/contact-form-id-support-nsw. The ID Support NSW team is available Monday to Friday from 9am to 5pm.