A recent legal initiative seeks to provide protection for individuals affected by a significant data breach at Qantas, which exposed the personal information of 5.7 million customers. This breach occurred in July due to a hack involving one of the airline’s offshore call centres. Qantas announced that sensitive data like credit card information, financial details, and passport numbers had not been accessed during the incident.
In a bid to curb the online distribution of leaked information, Qantas obtained court orders from the NSW Supreme Court. Justice Francois Kunc acknowledged the severity of the situation, highlighting the tangible threat posed by cybercriminals to the community and economy. The orders included suppression of identifying details of a Qantas expert and the legal representatives involved, aiming to shield them from potential retaliation by the overseas hackers, whose focus will likely shift to other targets once they are done with Qantas.
Counsel for Qantas, whose identity remains confidential, emphasised the importance of these suppression orders in mitigating potential criminal threats. He articulated a strategic approach to dealing with the wider societal problem of cybercrime, suggesting that these protective measures would help avoid further risky attention from hackers.
The data breach resulted in the exposure of personal details, such as names, email addresses, and frequent flyer information, for four million customers. An additional 1.7 million individuals had their more sensitive data compromised, including names, birthdays, phone numbers, addresses, and preferences. Under the newly issued court orders, anyone involved in the hack, including those who communicated payment details, is prohibited from sharing the leaked information. Furthermore, they are mandated to remove the data from all online platforms, including the dark web, with non-compliance potentially leading to severe legal consequences.
In addition to the legal actions taken by Qantas, law firm Maurice Blackburn has filed a separate complaint with the Office of the Australian Information Commissioner on behalf of affected customers. Legal analysts suggest this incident could spark a class action against Qantas, reminiscent of compensation claims made against other companies like Optus and Medibank following their data breaches in 2022. The Australian Federal Police are also investigating the breach, underscoring the broader implications of this case for cybersecurity and consumer protection in Australia.