Six million Qantas customers have been caught up in a cyber breach, after hackers infiltrated a third-party platform used by one of the airline’s contact centres – accessing names, dates of birth, phone numbers, email addresses and frequent flyer numbers.

Key Takeaways
- Qantas has suffered a cyber breach to one of its contact centres impacting customer data.
- Six million customers have service records on the platform (a third-party platform used by the airline).
- It says credit card details, personal financial information and passport details are not held in the system. Frequent flyer accounts, passwords, PIN numbers or log-in details were not compromised.
- Qantas says it took immediate steps and contained the system, and confirmed all Qantas systems remain secure.
Key background
Australia’s major carrier, Qantas, has today confirmed a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform. Qantas first picked up unusual activity on that platform on Monday, confirming that data stolen includes customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.
The system has since been “contained”, and Qantas is currently contacting customers to make them aware of the incident.
“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts,” Qantas chief, Vanessa Hudson, said.
Big number
6 million. That’s how many customers have service records on the platform.
What we know
We know that credit card details, personal financial information and passport details are not held in this system. Qantas also said no frequent flyer accounts were compromised, and passwords, PIN numbers and log-in details had not been accessed.
Tony Jarvis, VP and Field CISO for APJ at global cyber security firm Darktrace, says initial reports on Qantas’ cyber breach show hallmarks of the ‘Scattered Spider’ ransomware group, which also claimed responsibility for attacks against America’s Hawaiian Airlines and Canada’s WestJet last week, and the attack against Marks & Spencer in the UK in April.
“Scattered Spider are thought to be native English speakers who don’t just exploit technical vulnerabilities but manipulate people, especially IT help desks, through phishing, Multi Factor Authentication (MFA) bombing, and SIM swapping to gain access,” he says.
Qantas has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police. It’s also established a dedicated customer support line as well as a dedicated page on its site to update customers.
What we don’t know
We don’t know exactly how much data was accessed. Qantas said it was continuing to investigate the proportion of data that was stolen, but expects the volume will be “significant”. We also don’t know how significant the impact will be to Qantas’ operations across its digital and physical channels, or the damage to its brand and reputation.
Crucial quote
“The company [Qantas] said it had taken immediate steps to contain the system, but we have seen how quickly these incidents can escalate,” Jarvis says. “The unfortunate thing is that this sort of third party attack is not unique.”