Qantas is warning a “significant” amount of customer data has likely been stolen from its records during a cyber attack.
The airline has released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre.
The airline said 6 million customers had service records in this platform.
Qantas said it was investigating the proportion of the data that had been stolen, though it expected it would be “significant”.
The airline has been contacting customers with generic emails, telling them that they will receive further communications “shortly” if their data has been “potentially compromised”.
Previous breaches on major Australian companies including Medibank and Optus have highlighted how cyber attacks can see people’s data used as a bargaining threat to make companies pay a ransom.
Another concern for Qantas customers is that their personal data could be onsold and then used to conduct fraud.
Names, contact details, birth dates, frequent flyer numbers compromised
An initial review confirmed the data included some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers, the airline said.
“Importantly, credit card details, personal financial information and passport details are not held in this system,” the statement read.
“No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.”
Qantas said the system had been quarantined and affected customers would be notified.
Chief executive officer Vanessa Hudson apologised to those impacted and recognised the “uncertainty this will cause”.
“Our customers trust us with their personal information and we take that responsibility seriously,” she said in a statement.
The airline has established customer support lines and says it will also maintain a dedicated page on its website to keep customers updated.
Cyber firm says attack has hallmarks of international hacking group
Leading cybersecurity firm CyberCX has been working with Qantas over the past 24 hours to address the incident.
A spokesperson for CyberCX has told ABC News the incident has all the hallmarks of an attack from the so-called Scattered Spider hacker group, which is targeting individual business sectors one by one.
Most recently, it has been known for attacks on the financial and insurance sectors. However, over the weekend, US authorities said it expanded its targets to include the airline sector.
In a statement posted to X, the FBI said the cybercriminal group targeted “large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk”.
“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” it said.
“The FBI is actively working with aviation and industry partners to address this activity and assist victims.”
Qantas would not confirm whether it was the target of Scattered Spider.
“Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner,” the airline’s statement said.
“Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.“
The AFP said it was “aware” of the matter but declined to comment further.
Loading…
