Author: admin

It’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get a court to block anyone from accessing it.

Qantas ran it recently after suffering a major cybersecurity attack that accessed the frequent flyer details of 5 million customers.

The airline joined the long list of companies in Australia, dating back to the HWL Ebsworth breach in 2023, to go to the NSW supreme court to obtain an injunction against “persons unknown” – banning the hackers (and anyone else) from accessing or using the data under threat of prosecution.

Of course, it didn’t stop hackers leaking the customer data on the dark web a few months later.

But it might have come as a surprise when ID protection company Equifax this month began alerting Qantas customers that their data had been leaked – since access to the data was supposedly banned.

This highlights the major flaw in the injunction scheme. Qantas argues the injunction protects customers, but cybersecurity experts warn that in practice it has the opposite effect: scammers will ignore it, while organisations based in Australia and operating within the law will not be able to verify the data and report on it.

_{Sign up: AU Breaking News email}

Troy Hunt, an Australian who operates the HaveIBeenPwned website which notifies users when their information appeared in breaches, is frustrated that he has not been able to include the breach in his searchable database.

“Clearly the injunction has not stopped even legally operating organisations from accessing the data and communicating with the customers,” he said.

“[Qantas is] obviously trying to minimise damage, and they will inevitably get raked over the coals with class actions, because it happens to every big company that has a breach now … but there is just no measurable, practical benefit that anyone can assign to keeping this data out of the hands of people like [me], whilst it’s in the hands of people who are now abusing it.”

Hunt noted the irony that Qantas’s cybersecurity incident statement on its website links out to government resources for customers caught up in a breach. Those resources advise customers to visit Hunt’s website so they can better protect themselves by being aware of what information is out there.

How Equifax approached the injunction is unclear. The company said it uses the cybersecurity company Norton to monitor the dark web. Norton’s parent company Gen Digital is based in the US and Czechia while Equifax is US-based.

Norton did not deny it had accessed the data when asked twice by Guardian Australia, saying in a statement it is “contractually obligated to notify customers” when their information is posted on the dark web.

“These alerts are part of our ongoing commitment to help victims of a data breach protect their personal information and respond quickly if their data is at risk,” the spokesperson said. “This service operates under strict business, privacy, and compliance standards to ensure accuracy and lawful handling of all data sources.”

Qantas would not confirm if it was considering pursuing companies for potential contraventions of the injunction, but indicated it was monitoring third-parties and would consider them on a case-by-case basis.

“We are aware of notifications being sent to some of our customers by a third-party providers. These notifications include types of personal information that was not held in the system impacted in our July cyber incident,” the spokesperson said.

According to screenshots from the Telegram group run by the hackers, posted this month by Hunt, the hackers are aware of the limitations of the injunction.

“qantas why are you lying to your citizens?” the message states. “all your injunction does is prevent media/journalists.”

“YOUR data WILL be released and it WILL BE accessed.”

In an interview with Bloomberg TV’s Wall Street Week on Friday, he said the obvious way to make money off AI investments, aside from charging fees to use chatbots, is to replace workers with something cheaper.

Hinton, whose work has earned him a Nobel Prize and the moniker “godfather of AI,” added that while some economists point out previous disruptive technologies created as well as destroyed jobs, it’s not clear to him that AI will do the same.

“I think the big companies are betting on it causing massive job replacement by AI, because that’s where the big money is going to be,” he warned.

Just four so-called AI hyperscalers—Microsoft, Meta, Alphabet and Amazon—are expected to boost capital expenditures to $420 billion next fiscal year from $360 billion this year, according to Bloomberg.

Meanwhile, OpenAI alone has announced a total of $1 trillion in infrastructure deals in recent weeks with AI-ecosystem companies like Nvidia, Broadcom and Oracle.

When asked if such investments can pay off without destroying jobs, Hinton replied, “I believe that it can’t. I believe that to make money you’re going to have to replace human labor.”

The remarks echo what he said in September, when he told the Financial Times that AI will “create massive unemployment and a huge rise in profits,” attributing it to the capitalist system.

In fact, evidence is mounting that AI is shrinking opportunities, especially at the entry level, and an analysis of job openings since OpenAI launched ChatGPT shows they plummeted roughly 30%.

And this past week, Amazon announced 14,000 layoffs, largely in middle management. While CEO Andy Jassy said the decision was due to “culture” and not AI, a memo he sent in June predicted a smaller corporate workforce “as we get efficiency gains from using AI extensively across the company.”

Despite the potential downside for workers, Hinton also sees benefits from AI. When asked if he would go back in time and stop AI from developing, he paused and said he doesn’t know.

“It’s not like nuclear weapons, which are only good for bad things,” he explained. “It’s a difficult decision because it can do tremendous good in healthcare and education. It’ll do tremendous good, and in fact if you think about it increasing productivity in many, many industries, that should be good.”

The problem ultimately is not due to AI itself, but “on how we organize society,” Hinton added.