Regional Express (Rex Airlines)
Summary
Regional Express Airlines (Rex) subsidiary had indirect exposure to the HWL Ebsworth law firm data breach in 2023. The incident involved confidential legal communications between a Rex subsidiary and its client, where HWL Ebsworth acted as lawyers. No passenger details were compromised, and Rex Airlines itself was not directly affected.
What Happened
As part of the broader HWL Ebsworth ransomware attack by the ALPHV/BlackCat threat group in 2023, confidential documents belonging to a Regional Express subsidiary were potentially exposed. The exposure occurred because HWL Ebsworth acted as legal counsel for a client of the Rex subsidiary, creating an indirect connection to the stolen data.
The incident was notable because Rex's exposure was tertiary—the data related to confidential exchanges between the Rex subsidiary and its client, with HWL Ebsworth serving as the client's legal representative. This demonstrated the extended reach of supply chain data breaches in professional services environments.
Impact on Individuals
No passenger details were compromised in this incident. The affected information consisted of business communications and legal documents related to commercial matters rather than personal customer data.
Rex Airlines confirmed that the airline itself was not affected by the breach, limiting the impact to confidential business information held by the law firm on behalf of clients.
Organisational Response
Rex requested that HWL Ebsworth evaluate the stolen documents to determine the extent of potential damages from the exposure of confidential legal communications. The airline put both HWL Ebsworth and the client on notice of potential damages while reserving all its rights regarding the breach.
This incident highlighted the complexity of data breach liability in situations involving multiple parties in legal and commercial relationships, where professional service providers may hold sensitive information on behalf of clients who themselves represent third parties.