Qantas has become the latest airline to suffer a cyber attack, with data belonging to around six million customers potentially exposed in the incident.
In a statement confirming the breach, the airline said compromised data includes some customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company insists that no credit card details, passport information, or assorted financial details have been exposed. Similarly, no account passwords, PIN numbers, or login details have been accessed.
On Monday, Qantas spotted unusual activity on a third-party platform used by a Qantas airline contact center. The airline said it took immediate action upon discovery and is now implementing additional security measures to further restrict access.
Qantas said it has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as the Australian Federal Police.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” said Qantas Group CEO Vanessa Hudson.
“We are contacting our customers today and our focus is on providing them with the necessary support.”
Who’s behind the Qantas cyber attack?
While there’s no official word on which group carried out the attack, cybersecurity experts told ITPro all eyes will likely be pointing toward the notorious Scattered Spider group.
Scattered Spider has caused havoc in the retail sector in recent months, targeting UK retailers including Harrods, Co-op and Marks & Spencer (M&S).
The group now appears to be shifting its attention, however. An FBI advisory last week warned the group is now targeting organizations in the aviation industry.
The ransomware gang is believed to be responsible for recent attacks on Hawaiian Airlines and Canada’s WestJet.
Toby Lewis, global head of threat analysis at Darktrace, said the Qantas attack bears all the hallmarks of the group so far.
“The attack follows their typical playbook: steal legitimate login credentials to walk into systems where critical security protections often aren’t enabled by default, while operating from Western countries to appear as legitimate users and bypass standard security filters,” Lewis told ITPro.
“Expect the stolen customer data – names, emails, birthdates, frequent flyer numbers – to fuel convincing phishing campaigns targeting loyalty programs and tricking customers with fake payment requests using real booking details.”
It’s not known whether Qantas has received a ransom demand – and, if so, whether it’s paying up.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
