PrivacySignal
Breach

AU: Regulator’s preliminary findings did not indicate Qantas breached privacy obligations

DataBreaches.net · · International · Data Breaches

Australia's privacy regulator conducted a preliminary inquiry into a 2025 Qantas data breach that exposed 5.67 million customer records and found no indication the airline likely violated the country's privacy obligations. The Office of the Australian Information Commissioner has not issued a final determination.

Why this matters: Nearly six million people had their data exposed, and the regulator's early read is that nobody broke the rules. That gap is worth paying attention to. It means Australian privacy law may simply not require enough from companies holding this much personal data. A breach this large affecting this many people, with no likely violation found, is not a clean bill of health for Qantas. It is a signal that the law itself may not be setting the bar high enough.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Breach
BleepingComputer · · International

23andMe to pay $18 million in new genetics data breach settlement

Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data. [...]

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement Read original →
Breach
The Guardian — Tech · · International

TikTok facing UK investigation amid fears over age checks and harm to children

Ofcom concerned TikTok’s age verification is ineffective, leaving some exposed to posts on suicide, self-harm and pornography TikTok is under formal investigation over concerns it has failed to protect children from harmful content, the UK’s online regulator, Ofcom, has announced. The social media platform’s approach to checking the ages of users has sparked “particular concerns” at the watchdog, almost a year after measures to protect children from the worst of online content came into effect under the Online Safety Act. Continue reading...

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement#regulation Read original →
Breach
HIPAA Journal · · US Federal

Vision Care Providers Settle Data Breach Class Actions

Two vision care providers, Total Vision in California and Naperville-area provider Naper Vision, have agreed to settlements resolving class action lawsuits stemming from data breaches. The cases were brought under health data privacy frameworks, with affected patients seeking compensation for the exposure of their personal and medical information.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
Breach
Microsoft Threat Intelligence · · International

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery

Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This analysis breaks down the attack chain, payload delivery, and recommended defenses. The post Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery appeared first on Microsoft Security Blog.

Who should care: Cybersecurity · Privacy officers · Administrators

#breach#security Read original →
Breach
DataBreaches.net · · International

Calgary 911 employee charged with breach of trust

A City of Calgary 911 employee has been charged with breach of trust after an investigation found she allegedly accessed and shared confidential information outside authorized channels. Calgary police say the investigation began in January following internal allegations about the unauthorized disclosure of sensitive data.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement Read original →