Qantas

In June 2024, Qantas suffered a large-scale cyberattack compromising the personal data of **5.7 million customers**. The stolen information, which included sensitive details like names, contact information, and potentially financial or travel-related records, was leaked to the dark web. Qantas responded by obtaining a **court injunction**—the first of its kind in Australia following HWL Ebsworth’s precedent—to legally restrict the dissemination, publication, or use of the stolen data by third parties, including cybersecurity researchers, journalists, and platforms like *Have I Been Pwned (HIBP)*. The injunction aimed to prevent further exposure but faced criticism for **disempowering victims** by blocking independent verification of compromised data. Experts argued that while the legal measure may deter law-abiding entities (e.g., researchers or media) from handling the data, it had **no effect on cybercriminals**, who continued to exploit the leaked information for targeted phishing, fraud, or identity theft. The breach underscored tensions between **legal suppression tactics** and **practical cybersecurity transparency**, with critics highlighting that injunctions create a false sense of security while leaving customers vulnerable to ongoing attacks. Qantas defended the move as a **‘sensible step’** aligned with federal guidance, but cybersecurity professionals warned that such measures **hinder threat intelligence sharing**, allow attackers to control the narrative, and fail to address the root cause of the breach. The incident also raised concerns about **regulatory compliance**, **class-action lawsuits**, and the **ethical implications** of restricting public disclosure of breaches affecting millions.

Source: https://ia.acs.org.au/article/2025/cyber-injunctions-put-victims-at-risk--experts-warn.html

TPRM report: https://www.rankiteo.com/company/qantas

{
  "id": "qan5463054102725",
  "linkid": "qantas",
  "type": "Cyber Attack",
  "date": "6/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Legal Services',
                        'location': 'Australia (New South Wales)',
                        'name': 'HWL Ebsworth (HWLE)',
                        'type': 'Law Firm'},
                       {'customers_affected': '5.7 million',
                        'industry': 'Aviation',
                        'location': 'Australia',
                        'name': 'Qantas',
                        'size': 'Large (5.7 million customers affected)',
                        'type': 'Airline'},
                       {'industry': 'Entertainment',
                        'location': 'Australia',
                        'name': 'Ticketek',
                        'type': 'Ticketing Company'},
                       {'industry': 'Healthcare',
                        'location': 'Australia',
                        'name': 'Genea Fertility',
                        'type': 'IVF Provider'}],
 'customer_advisories': ['Limited direct communication due to injunction '
                         'restrictions.',
                         'Victims may remain unaware of exposure due to '
                         'suppressed data sharing.'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': ['5.7 million (Qantas)',
                                               'Unspecified (HWLE, Ticketek, '
                                               'Genea Fertility)'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, potentially '
                                        'financial/health data)',
                 'type_of_data_compromised': ['Customer records',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'description': 'Cybersecurity experts warn that injunctions—legal tactics '
                'used by companies like HWL Ebsworth, Qantas, Ticketek, and '
                'Genea Fertility to prevent the dissemination of stolen '
                "data—are impeding cybersecurity professionals' work and "
                'increasing risks for victims. Experts argue that injunctions '
                'fail to stop cybercriminals, who operate globally and '
                "disregard legal orders, while restricting 'good actors' like "
                'researchers, journalists, and platforms like Have I Been '
                'Pwned (HIBP) from informing victims. The debate highlights '
                'tensions between legal strategies, public transparency, and '
                'effective cybersecurity response.',
 'impact': {'brand_reputation_impact': ['Negative media coverage',
                                        'Public distrust in legal tactics',
                                        'Criticism from cybersecurity experts'],
            'data_compromised': True,
            'identity_theft_risk': ['Increased risk due to delayed victim '
                                    'notification'],
            'legal_liabilities': ['Potential class action lawsuits',
                                  'Regulatory scrutiny']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['Customer databases (PII)',
                                                  'Corporate/legal documents']},
 'investigation_status': 'Ongoing debate among experts; no technical '
                         'investigation details disclosed.',
 'lessons_learned': ['Injunctions may hinder cybersecurity researchers and '
                     'victim notification efforts.',
                     'Legal tactics alone cannot prevent global cybercriminal '
                     'activity.',
                     'Transparency and public disclosure are critical for '
                     'improving cybersecurity awareness.',
                     'Over-reliance on injunctions may create false confidence '
                     'in breach mitigation.'],
 'motivation': ['Financial Gain (Ransomware/Extortion)',
                'Data Theft for Exploitation'],
 'post_incident_analysis': {'root_causes': ['Inadequate cybersecurity defenses '
                                            '(implied by successful breaches).',
                                            'Over-reliance on legal measures '
                                            '(injunctions) without technical '
                                            'remediation.',
                                            'Lack of transparency exacerbating '
                                            'public risk.']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Avoid overusing injunctions that restrict ethical '
                     'cybersecurity work.',
                     'Prioritize victim notification and support over legal '
                     'suppression of breach details.',
                     'Enhance collaboration with cybersecurity researchers and '
                     'platforms like HIBP.',
                     'Focus on technical remediation (e.g., patching, '
                     'monitoring) alongside legal responses.',
                     'Educate the public on breach risks to reduce '
                     'exploitation by threat actors.'],
 'references': [{'source': 'Information Age'},
                {'source': 'Have I Been Pwned (HIBP) - Troy Hunt'},
                {'source': 'National Office of Cyber Security (NOCS) - '
                           'February 2024 Guidance'}],
 'regulatory_compliance': {'legal_actions': ['Injunctions filed in Supreme '
                                             'Court of New South Wales',
                                             'Potential class actions'],
                           'regulatory_notifications': ['National Office of '
                                                        'Cyber Security (NOCS) '
                                                        'guidance cited']},
 'response': {'communication_strategy': ['Public statements defending '
                                         'injunctions',
                                         'Limited transparency on breach '
                                         'details'],
              'containment_measures': ['Legal injunctions to restrict data '
                                       'dissemination'],
              'incident_response_plan_activated': True},
 'stakeholder_advisories': ['Cybersecurity experts (Troy Hunt, Euan Prentice, '
                            'Jamieson O’Reilly, Michael Collins) warn of '
                            'injunction risks.',
                            'Legal experts (James Neil, Clayton Utz) defend '
                            "injunctions as 'powerful and effective'.",
                            'Qantas and HWLE stand by injunctions as part of '
                            'breach response.'],
 'title': 'Use of Injunctions in Australian Cybersecurity Breaches Sparks '
          'Controversy',
 'type': ['Data Breach', 'Legal Response Controversy']}