Hackers steal Qantas customer data

“On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure,” the Flying Kangaroo said in a statement.

“There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.

“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

“Importantly, credit card details, personal financial information and passport details are not held in this system. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.”

Qantas says it is investigating the incident, and that it has put “additional security measures in place to further restrict access and strengthen system monitoring and detection”.

“Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues,” the airline said.

VIEW ALL

“Qantas has established a dedicated customer support line as well as a dedicated page on qantas.com to provide the latest information to customers. We will continue to share updates including via our website and social channels.”

Vanessa Hudson, chief executive of Qantas, has apologised to customers for the breach, with “specialist identity protection advice and resources” now available through a dedicated support line on 1800 971 541 or +61 2 8028 0534.

“We recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” she said.

“We are contacting our customers today and our focus is on providing them with the necessary support.

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”

While the identity of the cyber-criminals responsible has not been confirmed, the North American aviation sector has recently been hit by several attacks, including against Hawaiian Airlines and Canadian carrier WestJet.

The FBI last week issued a warning about the criminals believed to have carried out the attacks, known collectively as “Scattered Spider”.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” the agency said on social media.

“These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.

“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.”