Personal data of over a million patrons from clubs and pubs in New South Wales and the ACT has been compromised.

The breach, originating from IT provider Outabox, exposed sensitive information including names, addresses, birth dates, venue visits, and possibly photos and signatures.

Facial biometrics and driver's license scans were also involved in the data leak.

Outabox has confirmed the potential breach and is working with law enforcement on the issue.

Investigations by NSW police and government are underway, while a website claiming to offer searches of the leaked data has appeared online.

ClubsNSW and Wests Tradies acknowledge the cybersecurity incident and urge venues to communicate with those affected.

Gaming minister David Harris and cybersecurity expert Troy Hunt recommend that patrons replace their driver's licenses as a precaution.

The NSW government is actively expressing concern and pushing for clubs to inform impacted individuals.