Qantas has confirmed 5.7 million customers were impacted in last week’s cyber attack.
Qantas Group chief executive Vanessa Hudson said the airline is focused on understanding what details of their data have been compromised and will let them know as soon as possible.
“From today, we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services,” she said.
The airline said it was carrying out a “forensic analysis” of the data that was compromised.
After duplicate records were accounted for, 4 million customers had their name, email address and frequent flyer numbers exposed to the attack.
Out of those records, 1.2 million only contained names and email addresses.
Of the 2.8 million who had their frequent flyer numbers in the system that was accessed, “a smaller subset” also had their points balance and status credits included.
A further 1.7 million customers had more data on the compromised records, including address, date of birth, phone number, gender and meal preferences.
“Qantas is progressively emailing affected customers to advise them of the types of their personal data that was contained in the impacted system and provide advice and support,” the company said.
Airline advises customers to ‘stay alert’
Earlier this week, the airline revealed it had been contacted by a “potential cybercriminal” and said it was working with the Australian Federal Police to verify the legitimacy of the contact.
In its latest update, Qantas urged customers to “stay vigilant to any misuse of their personal information” and take general precautions.
The advice included remaining alert to communications, including emails, texts and phone calls, purporting to be from the airline, using two-factor authentication for personal accounts and staying across threat and scam notifications.
“Do not provide your online account passwords, or any personal or financial information,” the statement noted.
“Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.“
It said customers who believed they have been targeted by scammers could report it to Scamwatch, a service run by Australia’s consumer watchdog.
Dozens of Qantas customers have contacted the ABC in the wake of the cyber attack to express their frustration at the airline, including some who had been targeted by scammers or received alerts about attempts to access accounts.
