A major data breach affecting approximately 5.7 million customers has prompted Qantas Airways to seek legal protection in the NSW Supreme Court. The airline filed for a non-publication order to safeguard its legal counsel from potential retaliation by hackers involved in the cyber attack. The breach, which occurred in June 2023, compromised sensitive information, including addresses, phone numbers, and dates of birth.
The court heard that the stolen data included business and residential addresses tied to 1.3 million accounts, the phone numbers of 900,000 customers, and the birth dates of an additional 1.1 million individuals. Following the attack, Qantas has been vigilant in monitoring the situation, asserting that there is currently no evidence indicating that the stolen data has been released publicly.
In July 2023, Qantas secured an interim injunction aimed at preventing unauthorized access to the compromised data. On Thursday, Justice Francois Kunc agreed to make these orders permanent. Additionally, he imposed a six-month non-publication order concerning the names of the solicitors and counsel representing Qantas. Justice Kunc highlighted the need for such measures, stating, “In relation to the lawyers, a non-publication order might be justifiable on the basis that the perpetrators have some temporary ire against the legal advisors.”
Qantas has initiated legal action against “persons unknown,” defined as any individual or entity involved in the theft of data, communication of payment demands, or dissemination of the stolen information online. The court was informed that hackers had contacted Qantas through a series of emails, claiming unauthorized access to confidential data.
Justice Kunc described hacking and data breaches as a “serious societal problem,” noting a rising trend in similar applications from organizations targeted by cybercriminals. He emphasized the importance of the court’s role in addressing these threats, stating, “The threat represented to our community, to our commerce, by these actors is very real.” The justice acknowledged that while the perpetrators may seem unreachable, it remains crucial for the judicial system to not “turn its face” from the issue.
Qantas’ legal strategy includes seeking protective measures to minimize risks from criminal hackers, who may target its legal team in response to the airline’s actions. The airline’s response underscores the ongoing challenges faced by organizations worldwide in safeguarding customer data against increasingly sophisticated cyber threats.
