Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed
It’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get a court to block anyone from accessing it.Qantas ran it after suffering a major cybersecurity attack that accessed the frequent flyer details of 5 million customers.The airline joined the long list of companies in Australia, dating back to the HWL Ebsworth breach in 2023, to go to the New South Wals supreme court to obtain an injunction against “persons unknown” – banning the hackers (and anyone else) from accessing or using the data under threat of prosecution.Of course, it didn’t stop hackers leaking the customer data on the dark web a few months later.But it might have come as a surprise when the ID protection company Equifax this month began alerting Qantas customers that their data had been leaked – since access to the data was supposedly banned.
This highlights the major flaw in the injunction scheme.Qantas argues the injunction protects customers, but cybersecurity experts warn that in practice it has the opposite effect: scammers will ignore it, while organisations based in Australia and operating within the law will not be able to verify the data and report on it.Sign up: AU Breaking News emailTroy Hunt, an Australian who operates the HaveIBeenPwned website which notifies users when their information appeared in breaches, is frustrated that he has not been able to include the breach in his searchable database.“Clearly the injunction has not stopped even legally operating organisations from accessing the data and communicating with the customers,” he said.“[Qantas is] obviously trying to minimise damage, and they will inevitably get raked over the coals with class actions, because it happens to every big company that has a breach now … but there is just no measurable, practical benefit that anyone can assign to keeping this data out of the hands of people like [me], whilst it’s in the hands of people who are now abusing it.
”Hunt noted the irony that Qantas’s cybersecurity incident statement on its website links out to government resources for customers caught up in a breach.Those resources advise customers to visit Hunt’s website so they can better protect themselves by being aware of what information is out there.How Equifax approached the injunction is unclear.The company said it uses the cybersecurity company Norton to monitor the dark web.Norton’s parent company Gen Digital is based in the US and Czechia while Equifax is US-based.
Norton did not deny it had accessed the data when asked twice by Guardian Australia, saying in a statement it is “contractually obligated to notify customers” when their information is posted on the dark web.Sign up to Breaking News AustraliaGet the most important news as it breaksafter newsletter promotion“These alerts are part of our ongoing commitment to help victims of a data breach protect their personal information and respond quickly if their data is at risk,” the spokesperson said.“This service operates under strict business, privacy, and compliance standards to ensure accuracy and lawful handling of all data sources.”Qantas would not confirm if it was considering pursuing companies for potential contraventions of the injunction, but indicated it was monitoring third-parties and would consider them on a case-by-case basis.“We are aware of notifications being sent to some of our customers by a third-party providers.
These notifications include types of personal information that was not held in the system impacted in our July cyber incident,” the spokesperson said,According to screenshots from the Telegram group run by the hackers, posted this month by Hunt, the hackers are aware of the limitations of the injunction,“qantas why are you lying to your citizens?” the message states,“all your injunction does is prevent media/journalists,”“YOUR data WILL be released and it WILL BE accessed.
”
Australian supermarket chocolate ice-cream taste test: ‘My scorecard read simply: “I’m going to buy it”’
Sweet memory lane or boulevard of broken creams? Nicholas Jordan and friends sample 23 tubs in search of nostalgia, glee and chocolate excessIf you value our independent journalism, we hope you’ll consider supporting us todayGet our weekend culture and lifestyle emailI grew up in a house barren of treats – there was no regular supply of chocolate, snakes, sour lollies or caramels. There was one exception: ice-cream, and I was mostly free to eat it whenever I wanted. That constant, childhood joy was the start of a storied love affair. Later, when I had money to buy my lunch in high school, I would get a one-litre tub, a pair of spoons, and my friend and I would eat the entire thing and nothing else. Sometimes, if we were particularly greedy, we’d split a two-litre tub
Sweet dreams? Healthy ways to put pudding back on the menu | Kitchen aide
I eat healthily, but my meals are never really complete without pudding. Yoghurt and stewed fruit aside, do you have any suggestions for what will hit the spot without verging too far into the unhealthy? Wendy, by emailThe truth is, you can’t often have your cake and eat it – or not a big piece, anyway. “My main piece of advice, which maybe isn’t all that welcome, is to keep to small portions,” says Brian Levy, author of Good & Sweet, in which his recipes contain no added sugar. “My grandma would keep mini chocolate bars and have just one, but that’s never really worked for me.”’Tis the season for stewed fruit, but have you tried Melissa Hemsley’s banana slices sandwiched together with peanut butter, half-dipped in melted chocolate and put in the freezer? (FYI the same tactic also works like a dream with dates
José Pizarro’s recipe for pumpkin and spinach with pimenton
I grew up with the taste of pimentón de la vera, the smoky, fiery spice Spain embraced from the New World and made its own. Pimentón gives our food its soul. One of the dishes everyone loves back home is espinacas con garbanzos (spinach and chickpeas), which is it’s simple, nourishing and full of comfort. At this time of year, however, when the markets are overflowing with sweet pumpkins, I love adding them to the mix, too. Their gentle, autumnal sweetness lifts the spinach and chickpeas beautifully, and they combine to create a dish that we’ve been serving all month at my restaurant Lolo in south-east London
The £1 oyster: cut-price shellfish is all the rage – but is eating it advisable?
Name: Oysters.Age: Triassic – so about 250m years old.Appearance: Grey and snotty.Oysters, eh? What pearls of wisdom (see what I did there) do you have for me on the noxious bivalve? You’re not a fan, then?Absolutely not. What desperation drove early humans to think, “Time to smash open this forbidding, rock-like blob and eat whatever godforsaken, gelatinous mess it disgorges”? Well, younger diners don’t agree – they’ve gone mad for oysters
Double, heavy, pure cream? Helen Goh’s guide to baking across borders – plus a finger bun recipe
When Sweet, the baking book I co-authored with Yotam Ottolenghi, came out in the United States in 2017, my excitement at seeing so many people bake from it was matched only by my horror at what I saw them pulling from their ovens on Instagram: pale cakes with thick, dark exteriors.Posts from Australian and British readers showed no alarming results and I quickly realised something had gone awry in the American translation. As it turned out, the recipes had been converted in-house by the publisher, using a straightforward formula to change celsius to fahrenheit. What no one had noticed was that the conversion also needed to take into account the oven setting: fan-forced versus conventional heat. Many American ovens, it seems, still don’t have a fan function
Rukmini Iyer’s quick and easy recipe for beetroot, apple and feta fritters | Quick and easy
These are autumn in a fritter. Not only were they an unexpected hit with my 18-month-old, but, after trying one myself, I instantly crossed out the saffron arancini at the top of my list for an upcoming lunch party and replaced it with a delirious, “OMG make these fritters!” Not bad for a five-ingredient dish, and a lot less faff than arancini.Serve with a green salad and the dip alongside for a filling dinner on a cold evening.Prep 15 min Cook 20 min Serves 2-42 apples (I used Discovery) 2 medium beetroot, peeled and grated1 egg 200g feta, crumbled60g self-raising flour (gluten-free if you have it)Olive oil, for fryingFor the dip 3 heaped tbsp Greek yoghurt 3 heaped tbsp mayonnaise ½ lemon, juice and zestA pinch of sea saltGrate the apples skin and all into a clean tea towel, then twist and squeeze the towel over the sink to remove as much moisture as you can. Tip the grated apple into a large bowl, then add the grated beetroot, egg and crumbled feta, and mix well
Womad festival returns and moves to new Wiltshire site
Seth Meyers on Trump’s South Korea visit: ‘Getting the royal treatment he so desperately craves’
A third of people in England believe in ghosts, survey finds
Arts organisations still in ‘funding limbo’ after crash of Arts Council England online portal
Jimmy Kimmel on government shutdown: ‘There is no Republican plan for healthcare’
Man who won damages over Richard III film calls for more regulation of fact-based drama