A cyber security expert has warned Qantas customers are still in danger of sophisticated financial scams even though no credit card or passport information was compromised in the recent data leak.
Qantas admitted 5.7 million passenger details were stolen in a data breach on June 30 from a call centre in Manila.
The airline has been open and transparent about the breach and detailed the broke down the information that was taken including names, addresses, phone numbers, dates of birth and Frequent Flyer numbers.
Qantas has insisted no financial or passport information was leaked.
But cyber security expert and Cohesity ANZ managing director Paul Henaghan says customers are still open to identity theft, phishing and other targeted scams.
“Qantas customers must stay vigilant over the next months,” Henaghan says.
“Data like booking details, seat assignments, or Frequent Flyer status can look deceptively low risk, but it’s highly valuable in the hands of threat actors.
“This information can be used for a range of rapidly evolving social engineering tactics, such as phishing and pretexting, which now account for the majority of social engineering breaches.”
Henaghan says cyber criminals could also launch scams impersonating Qantas staff.
“Cybercriminals can use flight or seat details to pose as Qantas staff and send convincing messages about cancellations, refunds, or urgent updates,” he said.
“These scams, known as social engineering, are now behind most cyberattacks globally, and AI is making them harder to spot.”
Qantas has contacted affected customers and updated them about the types of personal data that was contained in the impacted system.
Customers can continue to access the dedicated support line on 1800 971 541 or +61 2 8028 0534. This service is available 24/7 and customers have access to specialist identity protection advice and resources through this team.
