iscover
A person claiming to be behind last week’s Qantas hack has contacted the airline.
In an update on the ASX, the Flying Kangaroo said it was still working to validate the individual and added it had also engaged the Australian Federal Police.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
The incident, which occurred seven days ago, reportedly involved cyber criminals using AI to impersonate a Qantas employee and then trick a customer service operator in Manila into divulging crucial information.
In total, hackers gained access to 6 million customer records, including names, email addresses, and phone numbers.
While no group has claimed responsibility, reports suggest that a hacking collective known as Scattered Spider may be behind the attack.
Tony Jarvis, a chief information and security officer for the business, said Scattered Spider claimed responsibility for attacks against America’s Hawaiian Airlines and Canada’s Westjet the week prior.
“Scattered Spider are thought to be native English speakers who don’t just exploit technical vulnerabilities but manipulate people, especially IT help desks, through phishing, Multi Factor Authentication (MFA) bombing, and SIM swapping to gain access,” Jarvis said.
“The unfortunate thing is that this sort of third-party attack is not unique.
“It is just one more example of why cybersecurity is a fundamental business priority across the entire supply chain – especially when defending against highly targeted tactics that bypass traditional security measures.
“How significant the impact will be to Qantas’ operations – across both digital and physical channels – and the damage to its brand and reputation remains to be seen.”
Scattered Spider is known to target multiple businesses within a single industry before moving on to new sectors. It recently hit three UK retailers: Marks & Spencer (M&S), Co-op and Harrods, before an FBI advisory said the group had shifted to targetting airlines.
It comes after Australian Aviation reported last week how Qantas pledged to tell every affected customer which parts of their data had been stolen.
“Next week we will be in a position to update affected customers on the types of their personal data that was contained in the system,” Qantas said in a statement.
“This will confirm specific data fields for each individual, which will vary from customer to customer.
“We have also increased resourcing in our contact centres to support our customers and have received more than 5,000 enquiries through our dedicated customer support line established following the cyber incident.
“Since Wednesday morning, the airline has communicated directly with its frequent flyers to notify them of the incident and to apologise that this has occurred. Frequent flyers who have not received this email should check their spam or junk folder.”
