Following on from our email earlier this week (see below thread), we have been in touch with Curtin’s Privacy team and the Cyber Security Operations team to discuss potential issues involving clubs and societies using useGET and a data breach. We ask that clubs respond quickly and take the appropriate action, such as:
-
Immediately cease using GET. Perhaps consider using a new ticketing program for event ticket sales.
-
Contact your members AND those who attended your events after purchasing tickets via this system immediately.
-
Notify them of this data breach to advise them about some sensitive information that exposed some of your member data (including but not limited to phone numbers, date of birth, names, emails, student numbers, and other sensitive financial information), that may also contain data from your club/society. If you have not used UseGet (formerly QNect) in the last 16 months, then this may not apply to you, but your data may still be present in the leak.If any of your member's data is present, pro-actively reach out to them to alert them to keep an eye out for any suspicious activity
-
Reach out to UseGet (https://useget.com) to get a full list of any leaks that they may be aware of (particularly any financial information)
-
Avoid clicking on any links from sources you do not recognise. For example, if any links are sent purporting to come from QPay, check that the domain name is from quicklypay.it and signed (usually identified by a green lock box on most browsers) OR hover your mouse over the name of the link without clicking it to view the full URL. Please note they should never ask for any passwords or financial information.
Please note that we do not know the extent of the data breach and we are unaware of what personal information has been exposed (contact numbers, credit card details etc) however it’s is best to be as transparent as possible with your members at this time and advise them regardless.
Email: 13/09/19 - Clubs Officer