Qantas has said the personal information of up to 6 million customers could have been stolen in a cyber-attack this week. What should you do if you’re caught up in the attack, and is your frequent flyer account at risk?


What caused the Qantas cyber-attack?

Qantas has said a cybercriminal targeted a call centre and gained access to a third-party system that held customer information.

The company detected the unusual activity on Monday and shut it down, but believes a “significant” amount of the personal information of customers may have been taken.

The culprit has yet to be identified, but the attack shares similarities with those of a ransomware group known as Scattered Spider. The group has targeted airlines in the US in recent weeks by calling the IT support desks of large companies, often impersonating employees or contractors to deceive help desk staff into granting access and bypassing multi-factor authentication (MFA).


What was taken in the Qantas data breach?

Qantas is still investigating the amount of data taken but believes it includes:

  • Names
  • Email addresses
  • Phone numbers
  • Dates of birth
  • Frequent flyer numbers

The airline has said the breach did not include credit card details, personal financial information or passport details, as this information was not held by the system.

The airline said no frequent flyer accounts were compromised, and passwords, pins and log-in details have not been accessed.


Should I be worried about my Qantas frequent flyer account?

Not immediately. Qantas said no accounts were compromised.

To access your frequent flyer account, you need the account number, surname and a pin. Two of those three were accessed in the data breach – so if your pin is recycled and may have appeared in other breaches, it could be compromised.

Importantly, however, Qantas has enabled multi-factor authentication for its frequent flyer accounts, meaning when you log in, it will need to confirm either by SMS or through an authentication app (if set up) that you’re really you.

If your phone number has not been compromised by hackers (by porting your number to a new phone, a technique typically used to get past MFA and break into online banking), then this would not be a concern. If you currently use SMS-based MFA, you should consider switching to an authentication app for a greater level of protection.

Additionally, Qantas will email you when your account is logged into for the first time on an unfamiliar device – meaning that if a hacker does manage to get in, you will know about it quickly.


Qantas says I am involved in the data breach. What can I do?

Qantas has advised customers affected by the breach that at this stage there’s no requirement to reset their password or pin.

The national cyber security coordinator, Lt Gen Michelle McGuinness, told ABC News Breakfast on Thursday that people should be on the lookout for suspicious actions, and not respond to unsolicited emails, texts or calls.

“If you think someone is reaching out to you from an official capacity, hang up or don’t respond – go and source your own number or email to reach out to that person,” she said.

She said people should ensure they have unique and strong passphrases for each account they use on the internet, always use MFA and ensure the software on their devices is up to date.

Using the password manager that is built into iOS and Android is a useful way to keep track of all the various accounts you maintain.

The federal government has set up a website to guide people through how to improve their cybersecurity.