AU: Regulator’s preliminary findings did not indicate Qantas breached privacy obligations
Australia's privacy regulator conducted a preliminary inquiry into a 2025 Qantas data breach that exposed 5.67 million customer records and found no indication the airline likely violated the country's privacy obligations. The Office of the Australian Information Commissioner has not issued a final determination.
Why this matters: Nearly six million people had their data exposed, and the regulator's early read is that nobody broke the rules. That gap is worth paying attention to. It means Australian privacy law may simply not require enough from companies holding this much personal data. A breach this large affecting this many people, with no likely violation found, is not a clean bill of health for Qantas. It is a signal that the law itself may not be setting the bar high enough.
Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.