Qantas Gains Ruling Over Data Hack Hitting Dark Web

In a move aimed at preventing the further spread of compromised personal data, Qantas Airlines has obtained an interim injunction to limit the access and use of sensitive information obtained through a recent cyber hack.

The airline's customer data, including that of almost 6 million customers, was compromised in a breach at one of its offshore call centres. However, unlike major data breaches in the past, Qantas managed to contain the damage by obtaining an injunction against parties involved in releasing or using the stolen information.

Protecting Customer Data

"We want to do all we can to protect our customers' personal information and believe this (injunction) was an important next course of action," Qantas stated on Thursday. The airline emphasized that despite the breach, no credit card details, personal financial information, or passport details were accessed.

However, a significant amount of customer data was still compromised, including the names, email addresses, and frequent flyer details of approximately four million customers, as well as 1.7 million customers' additional sensitive information such as dates of birth, phone numbers, personal or business addresses, gender, and meal preferences.

A Class Action Looms

Legal experts suggest that the incident could lead to a class action lawsuit against Qantas, following the pattern of compensation claims made against Optus and Medibank after their major data breaches in 2022. Maurice Blackburn, the law firm lodging the complaint on behalf of affected customers, has already submitted its claim to the Office of the Australian Information Commissioner (OAIC).

The breach also sparked an investigation by the Australian Federal Police, further emphasizing the seriousness with which Qantas and authorities are approaching this incident.

Key Demands Made in the Injunction

The statement of claim lodged in the NSW Supreme Court identified "persons unknown" as those responsible for the cyber hack. These individuals were ordered to "take all steps to immediately remove all and any of the impacted dataset ... from all accessible internet locations." The injunction also demanded that they refrain from publishing the data on the dark web.

Qantas has emphasized its commitment to protecting customer data, while also taking proactive measures to contain the breach. However, the incident highlights the ongoing need for vigilance in safeguarding sensitive information and the importance of prompt action when breaches occur.