Qantas suffered a major cybersecurity breach in July, where hackers accessed the frequent flyer details of **5 million customers**, including personal and travel-related data. The company obtained a **court injunction** in the NSW Supreme Court to block unauthorized access or use of the stolen data, targeting 'persons unknown' (including hackers). Despite this legal measure, the data was later **leaked on the dark web** within months. The injunction also restricted lawful entities like **HaveIBeenPwned** and **Equifax** (via Norton) from verifying or reporting the breach, creating a paradox: while scammers freely exploited the data, legitimate services couldn’t alert affected customers. Hackers mocked Qantas’ legal approach on Telegram, stating the injunction only silenced media and journalists, not the actual data dissemination. The breach exposed flaws in relying on court orders to mitigate cyber threats, as criminals ignored restrictions while ethical actors were hindered from aiding victims.
TPRM report: https://www.rankiteo.com/company/qantas
"id": "qan2702027110225",
"linkid": "qantas",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '5,000,000',
'industry': 'aviation',
'location': 'Australia',
'name': 'Qantas',
'size': 'large enterprise',
'type': 'airline'}],
'customer_advisories': ['Equifax/Norton alerts sent to affected customers; '
'Qantas disputes accuracy of some alerted data '
'types.'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '5,000,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['frequent flyer details',
'personally identifiable '
'information (PII)']},
'date_publicly_disclosed': '2023-07',
'description': 'A major cybersecurity attack on Qantas accessed the frequent '
'flyer details of approximately 5 million customers. The '
'airline obtained a court injunction in the NSW Supreme Court '
'to block access or use of the stolen data, but hackers later '
'leaked the data on the dark web. The injunction prevented '
'legally operating entities (e.g., HaveIBeenPwned) from '
'verifying or reporting on the breach, while scammers ignored '
'it. Equifax (via Norton) later alerted affected customers, '
"raising questions about the injunction's effectiveness.",
'impact': {'brand_reputation_impact': ['negative publicity',
'loss of trust',
'potential class actions'],
'data_compromised': ['frequent flyer details'],
'identity_theft_risk': ['high (due to leaked PII)'],
'legal_liabilities': ['court injunction against data access/use',
'potential class actions'],
'systems_affected': ['customer database (frequent flyer program)']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['frequent flyer database']},
'investigation_status': 'ongoing (data leaked on dark web; injunction '
'enforcement unclear)',
'lessons_learned': ['Court injunctions may limit transparency and hinder '
'breach notifications by legitimate entities (e.g., '
'HaveIBeenPwned).',
'Injunctions do not deter hackers or scammers from '
'exploiting leaked data.',
'Organizations may face reputational and legal risks '
'(e.g., class actions) despite containment efforts.'],
'motivation': ['financial gain', 'data exploitation'],
'ransomware': {'data_exfiltration': True},
'recommendations': ['Balance legal actions (e.g., injunctions) with '
'transparency to enable affected customers to protect '
'themselves.',
'Collaborate with cybersecurity platforms (e.g., '
'HaveIBeenPwned) to verify and communicate breaches '
'responsibly.',
'Review the effectiveness of injunctions in preventing '
'data misuse by threat actors.'],
'references': [{'source': 'The Guardian Australia',
'url': 'https://www.theguardian.com/australia-news'},
{'source': 'HaveIBeenPwned (Troy Hunt)',
'url': 'https://haveibeenpwned.com'},
{'source': 'Qantas Cybersecurity Incident Statement',
'url': 'https://www.qantas.com/au/en/cyber-incident.html'}],
'regulatory_compliance': {'legal_actions': ['court injunction (NSW Supreme '
'Court)']},
'response': {'communication_strategy': ['public statement',
'link to government resources for '
'affected customers'],
'containment_measures': ['court injunction to block data '
'access/use'],
'incident_response_plan_activated': True,
'third_party_assistance': ['legal teams (court injunction)',
'Equifax/Norton (dark web '
'monitoring)']},
'stakeholder_advisories': ['Qantas linked to government resources for breach '
'victims, which paradoxically recommend using '
'HaveIBeenPwned.'],
'threat_actor': 'persons unknown (hackers)',
'title': 'Qantas Frequent Flyer Data Breach (2023)',
'type': ['data breach', 'cyberattack']}