Login
iscover
Adam ThornShare this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Qantas has obtained a court injunction to prevent any person or organisation from publishing the customer information stolen in its recent hack.
The airline called the ruling of the NSW Supreme Court an “important next course of action” but also reiterated that there is still “no evidence” that any data had been released into the public domain.
The incident reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information.
While no group has claimed responsibility, reports suggest that a hacking collective known as Scattered Spider may be behind the attack.
Annie Haggar, now head of cyber security at Norton Rose Fulbright, last year told Cyber Daily that injunctions can help prevent stolen data from being distributed by media organisations.
“We anticipate the increasing use of injunctions as part of an impacted organisation’s response to a cyber incident, and they have an important role to play,” she said.
“However, their use needs to be balanced between restricting publication of information in the interests of the public good and safety versus a false sense of security against voyeurism of the stolen datasets that actually only deters already law-respecting parties.”
Separately, Qantas revealed that it was aware of increased reports of scammers impersonating the airline, but it reiterated that it believed no financial information had been compromised.
“We recommend customers remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords,” the airline said in a new statement.
The attack took place on 30 June, and Qantas began contacting Frequent Flyer customers last week to inform them exactly how much of their data was stolen.
It also revealed that 5.7 million passengers were targeted in total, with data fields compromised including phone numbers, addresses and dates of birth.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers’ data, and are continuing to review what happened,” CEO Vanessa Hudson said in an update.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the federal government for their continued support.”
Security analysts believe the attack was likely carried out by a hacking collective known as Scattered Spider, which was behind a recent spate of attacks targeting retailers in the UK.
Be the first to hear the latest developments in the cyber industry.
