Qantas has confirmed 5.7 million customers data was compromised in last week’s data breach but the airline says there is no evidence any of that data has been released by the hackers.
But cyber security experts are still actively monitoring the web.
It has been confirmed no credit card details, personal financial information or passport details were stored in the compromised system and were therefore out of reach of the hackers.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Qantas Group Chief Executive Officer Vanessa Hudson said.
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data and are continuing to review what happened.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”
Qantas says there is also no impact to Qantas Frequent Flyer accounts as passwords and pins and login details were also not accessed or compromised.
After security experts removed duplicate records, the investigation concluded that there were 5.7 million unique customers’ data held in the system with specific data fields varying from customer to customer.
An analysis of customers’ personal data has found:
– 4 million customer records are limited to name, email address and Qantas Frequent Flyer details.
Of this:
– 1.2 million customer records contained name and email address.
– 2.8 million customer records contained name, email address and Qantas Frequent Flyer number.
Of the remaining 1.7 million customers, their records included a combination of some of the data fields above and one or more of the following:
– Address – 1.3 million. This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
– Date of birth – 1.1 million
– Phone number (mobile, landline and/or business) – 900,000
– Gender – 400,000. This is separate to other gender identifiers like name and salutation.
– Meal preferences – 10,000
Qantas is continuing to contact affected customers to update them about the types of their personal data that was contained in the impacted system.
Customers can continue to access the dedicated support line on 1800 971 541 or +61 2 8028 0534. This service is available 24/7 and customers have access to specialist identity protection advice and resources through this team.
Qantas is advising affected customers to:
– Remain alert, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels.
– Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts.
– Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage.
– Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and
– Do not provide your online account passwords, or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.
