iscover
Qantas has obtained a court injunction to prevent any person or organisation from publishing the customer information stolen in its recent hack.
The airline called the ruling of the NSW Supreme Court an “important next course of action” but also reiterated that there is still “no evidence” that any data had been released into the public domain.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
The incident reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information.
While no group has claimed responsibility, reports suggest that a hacking collective known as Scattered Spider may be behind the attack.
Annie Haggar, now head of cyber security at Norton Rose Fulbright, last year told Australian Aviation’s sister brand, Cyber Daily, that injunctions can help prevent stolen data from being distributed by media organisations.
“We anticipate the increasing use of injunctions as part of an impacted organisation’s response to a cyber incident, and they have an important role to play,” she said.
“However, their use needs to be balanced between restricting publication of information in the interests of the public good and safety versus a false sense of security against voyeurism of the stolen datasets that actually only deters already law-respecting parties.”
Haggar was talking in response to a similar hack on South Australia’s Wattle Range Council.
Separately, Qantas revealed it was aware of increased reports of scammers impersonating the airline but reiterated that it believed no financial information had been compromised.
“We recommend customers remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords,” the airline said in a new statement.
The attack took place on 30 June, and Qantas last week began contacting Frequent Flyer customers to inform them exactly how much of their data was stolen.
It also revealed that 5.7 million passengers were targeted in total, with data fields compromised including phone numbers, addresses and dates of birth.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers’ data and are continuing to review what happened,” CEO Vanessa Hudson said in an update.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the federal government for their continued support.”
Security analysts also believe the attack was likely carried out by ransomware group Scattered Spider, which was behind a recent spate of attacks targeting retailers in the UK.
