A potential cyber criminal has made contact with Qantas, the airline has confirmed, after a major attack on its network exposed the personal records of up to 6 million customers.

In a statement on Monday evening, a spokesperson for Qantas said the Australian federal police (AFP) had been engaged but the airline would not confirm if a ransom was being sought for the compromised personal data.

“A potential cyber criminal has made contact and we are currently working to validate this,” the spokesperson said.

“As this is a criminal matter, we have engaged the Australian federal police and won’t be commenting any further on the detail of the contact.

“There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.”

A spokesperson for the AFP confirmed it was investigating and said further comment would be provided at an “appropriate time”.

“The airline has been highly engaged in assisting authorities and the AFP with investigating this incident,” they said in a statement.

On 2 July, Qantas suffered a major cyber-attack, with data including customer names, email addresses, phone numbers and birth dates of up to 6 million customers potentially breached.

Qantas said a cyber criminal targeted a call centre and gained access to a third-party system that held customer information.

The company detected the unusual activity last Monday and shut it down, but believed a “significant” amount of personal information may have been taken.

The airline said the breach did not include credit card details, personal financial information or passport details.

No frequent flyer accounts were compromised, and passwords, PINs and log-in details had not been accessed, the airline said.

The alleged culprit has yet to be identified but the attack has similarities to those carried out by a ransomware group known as Scattered Spider.

The group has targeted airlines in the US in recent weeks by engaging in what are called social engineering attacks, or “vishing”. They involve calling the IT support for large companies, often impersonating employees or contractors to deceive IT help desks into granting access and bypassing multi-factor authentication.

The incident is the latest in a series of cyber-attacks on large companies in Australia, after the attacks on Optus, Medibank and the country’s $4tn superannuation sector.