https://www.troyhunt.com/court-injunctions-are-the-thoughts-and-prayers-of-data-breach-response
When data breaches occur, companies often turn to court injunctions as a response, much like how people offer “thoughts and prayers” after a tragedy without taking meaningful action. Troy Hunt, the operator of the data breach notification service Have I Been Pwned, examines the limitations of these injunctions and how they fail to protect customers whose data has been compromised.
Troy cites the example of the Australian law firm HWL Ebsworth, which was granted an injunction prohibiting the hacker group ALPHV from publishing the stolen data. However, the hackers responded by simply dumping the data, highlighting the futility of such legal measures against determined criminals. These injunctions also restrict the ability of journalists, security firms, and services like Have I Been Pwned to access and disseminate the information, which could help affected customers.
In the case of the Qantas data breach, where the personal information of 5.7 million customers was stolen, the airline also obtained a court injunction. However, as Hunt points out, this will not stop the hacker group Scattered LAPSUS$ Hunters from publicly releasing the data unless a ransom is paid. The injunction only applies to law-abiding individuals and organisations in Australia, leaving the majority of the data exposed. Troy argues that these injunctions provide little to no meaningful protection for customers and serve only to create a false sense of security, much like “thoughts and prayers” offered in the aftermath of a tragedy.