NewsBite

Maurice Blackburn launches compensation case against Qantas over cyber attack

Qantas is facing legal action by Maurice Blackburn for compensation for millions of customers caught in a major cyber attack.

Law firm Maurice Blackburn is seeking compensation from Qantas on behalf of the millions of customers whose data was stolen in a cyber attack.

On the same day Qantas won an interim injunction to try to stop the publication of the stolen data, Maurice Blackburn lodged a representative complaint with the Office of the Australian Information Commissioner (OAIC) on behalf of affected individuals.

The complaint alleges that Qantas failed to take reasonable steps to protect personal information stored on a customer database used by its Manila call centre.

Maurice Blackburn principal lawyer Elizabeth O’Shea said the OAIC was the authority charged with taking action over breaches of the Privacy Act.

“While we await a response and potential action from the OAIC in relation to Qantas failing to adequately protect the personal information of its customers, we would encourage Qantas customers who were impacted by the breach to register with us to receive updates about the representative complaint and compensation which may be sought on your behalf,” said Ms O’Shea.

“It is early days in what we are learning about the mass data breach, but if you’re one of the millions of people that have had your personal information compromised, you’re eligible to register with us and we will keep you informed as the matter progresses.”

The move came as Qantas went to the New South Wales Supreme Court in an effort to stop the personal data of 5.7 million customers being accessed, viewed, released or published.

In a statement, Qantas revealed it was “aware of increased reports of scammers impersonating the airline” and urged customers to remain vigilant.

As yet there has been no evidence that any of the stolen data has been released on the dark web, and Qantas is continuing to monitor those sites with the help of specialist cyber security experts.

The injunction obtained by Qantas means that, in the event cyber criminals do post the details on the dark web, others, including the media, will not be able to repost or publish them, such as the details of Chairman’s Lounge members caught out by the breach.

Affected customers have been informed about what details were on the platform in question, ranging from names, addresses and birthdates to frequent flyer status and points balance.

A statement issued by Qantas said the company “wanted to do all it could to protect customers’ personal information”.

“We believe this was an important next course of action,” the statement said.

“Qantas continues to work closely with the Australian Federal Police, the National Cyber Security Co-ordinator and the Australian Cyber Security Centre, to thoroughly investigate this criminal activity.”

Qantas says it is aware of increased reports of scammers impersonating the airline, in the wake of a cyber attack. Picture: AFP

Clayton Utz partner James Neil said the injunction was predominantly aimed at “third parties” who might come into possession of the information.

“I think the injunction is unlikely to have much effect on the hackers themselves — they’re unlikely to pay much attention to what an Australian court says,” said Mr Neil.

“But the orders will often apply to third parties who come into possession of the hacked information with knowledge of the orders, such as media outlets or online platforms. They will be on notice of the orders and should be incentivised to prevent the dissemination of the hacked material.”

The airline again emphasised that no credit card details, personal financial information or passport details were stored in the compromised system.

Passwords, PINs and login details were also not accessed or compromised.

Qantas previously revealed a “potential cyber criminal” had made contact with the airline in relation to the cyber attack, which followed an “interaction” with the Manila call centre.

It is unknown if any ransom demands were made in relation to the data, which cyber experts have suggested is sufficient for social engineering scams targeting individual customers.

Those affected are advised to remain vigilant to any requests for further data, either by phone, text or email.

Qantas said it was “aware of increased reports of scammers impersonating the airline and recommended customers remained alert for unusual communications claiming to be from Qantas”.

“Qantas will never contact customers requesting passwords, booking reference details or sensitive login information,” the statement said.

Regional director of systems engineering at breach containment company Illumio, Andrew Kay, said it was an appropriate move by Qantas to help limit the misuse of the data.

“I think more fundamentally it doesn’t undo the fact the breach has occurred but it shows to the public and regulators, action is being taken,” said Mr Kay.

“The focus should really be on reducing the impact of such attacks and ensuring they are improving their processes so it doesn’t happen again.”

He said it remained an “uncomfortable truth” that many organisations will be in this position, as cyber criminals continued to target large corporations.

“I think breaches will continue to be inevitable but the actual disaster of the fallout of it doesn’t have to be,” Mr Kay said.

Qantas has set up a dedicated support line for customers caught in the cyber hack, on 1800 971 541 or +61 2 8028 0534.

Originally published as Maurice Blackburn launches compensation case against Qantas over cyber attack


Original URL: https://www.heraldsun.com.au/business/qantas-goes-to-court-over-cyber-attack-in-attempt-to-stop-stolen-data-being-released-or-used/news-story/bc39b12068008f515da892bea6fa60ed