How Qantas served papers on cyber criminals over hack attack on customer database
Qantas has been forced to set up its own version of the bat signal to serve papers on the cyber criminal behind an unnerving database hack.
Qantas has had to establish its own version of the bat signal to communicate with the cyber criminal behind an attack on a database storing details of 5.7 million customers.
Orders made by New South Wales Supreme Court Judge Francois Kunc revealed the airline was required to serve documents on the as-yet-unnamed group through any known channel.
As a result, a dedicated message box and specially set up email addresses were used to send a Dropbox link of documents to the Tox messaging account contact point of the criminals.
Tox is a covert communication channel that uses a combination of encryption algorithms to ensure security and privacy, and only users with Tox IDs can use the system.
According to cybersecurity expert Sigmund Brandstaetter, Tox does not rely on centralised servers that may be vulnerable to surveillance and data breaches, making it attractive for use by cyber criminals.
The Qantas affidavit said the documents were sent at 9.45am on Thursday, and within three hours a return email was received.
The proceedings were kept confidential until the documents were sent, in an effort to ensure the group did not disconnect from its contact point.
Court documents provided few other clues to the group’s identity — only that it was based outside of Australia.
Much of the affidavits’ content was redacted due to the sensitivity of the matter, which began to unfold late last month after an “interaction” between the cyber criminal and Qantas’ Manila call centre.
It’s alleged that interaction led to the criminal accessing a customer database storing personal information about 5.7 million individuals.
The information ranged from names, addresses and birthdates to frequent flyer numbers and points balances, but did not include credit card details, passport information or passwords.
However, one affidavit filed by the airline revealed concerns the information could be used “to cause harm to Qantas, its customers and others”.
Three examples of harm were listed in the affidavit but the details were redacted.
The primary purpose of the court proceedings was an injunction preventing the release, viewing, transmission or publication of information stolen from the database.
Although it was considered unlikely the cyber criminals would abide by the court undertaking, the legal orders meant third parties such as the media could not expose the data in the event it was uploaded to the dark web.
At the same time, law firm Maurice Blackburn was pushing ahead with its claim for compensation for those caught up in the Qantas attack.
A spokesman said the law firm had received a “very strong response” after inviting customers to register with Maurice Blackburn via its website, to get updates on a complaint to the Office of the Australian Information Commissioner, and potentially compensation.
“It is early days in what we are learning about the mass data breach, but if you’re one of the millions of people that have had your personal information compromised, you’re eligible to register with us and we will keep you informed as the matter progresses,” said principal lawyer Elizabeth O’Shea.
As yet the identity of the Qantas cyber attacker has not been revealed; however, experts believe the method of operation was strikingly similar to that deployed by the group known as Scattered Spider.
Previously linked to attacks on Hawaiian Airlines and WestJet, the group has been identified by the US Federal Bureau of Investigation as targeting airlines.
There were fears the group may have struck again on Sunday evening (US time) when Alaska and subsidiary Horizon Airlines suddenly issued a ground stop on all flights due to a software outage.
A ground stop means flights yet to take off are required to remain on the ground, causing potential travel disruptions and delays.
The outage lasted three hours, before Alaska announced it was lifting the ground stop.
In a post to X, the airline offered a sincere apology to customers for the inconvenience but provided no further details of the IT outage other than to say it had been resolved.