We wish to advise identified current and past members of a cyber incident that occurred at CHRG (Castle Hill RSL Group) and provide you with important information about how it impacts you.

Actions we have taken

CHRG suffered a cyber incident, when an unauthorised third party accessed and encrypted our IT system (Incident).  CHRG took immediate steps to contain and commence forensic investigations into the Incident with the assistance of forensic investigators, and various other experts.  CHRG has reported the Incident to the Office of the Australian Information Commission and the Australian Cyber Security Centre.  Separately, CHRG has and is undertaking internal steps to reduce the risk of this incident from reoccurring.

Personal Information Impacted

Forensic investigations did not identify any indications that our sign-in credentials, membership database systems, or point-of-sale systems were impacted by the Incident.

Unfortunately, further forensic investigations have identified that limited personal information from current and historical databases belonging to the addressee, collected by CHRG in compliance with its legal requirements as a registered club, may have been subject to unauthorised access and disclosure. 

CHRG is taking all reasonable steps to limit the impact of, and meet its obligations to, the Incident.  To this end, we wish to inform current and past members of the information that may have been involved, and the steps that should be taken in response. The personal information that may have been impacted is limited to the following:

• full name and date of birth
• contact information, including email address, phone number and postal address.

We are disappointed that this information is involved. However, the risk of harm is limited, as this information is generally considered to have low sensitivity. In addition, based on our investigations, we believe that the data stolen from our systems is not publicly available.

Actions you can take

CHRG recommends continued awareness and monitoring of any suspicious activity, particularly any unusual communications by phone or email that may relate to CHRG.

Please advise us immediately if you see or receive anything suspicious, particularly if it is said to originate from us. If you believe you have become a victim of cyber-crime, please report the incident on the Australian Cyber Security Centre website at www.cyber.gov.au.  Further information about online safety, cyber security and other helpful tips can be found at the Australian Cyber Security Centre or the ACCC’s Scamwatch website.

Please also contact us to ask any questions about this notification, or if you have any specific concerns.  Our dedicated support team is ready to assist you. You can reach out to us via email at info@chrg.com.au, or telephone (02)8858 4800.

David O’Neil

Group Chief Executive Officer