Australian airline Qantas has confirmed it has suffered a data breach which has exposed the personal information of more than six million of its customers.
The airline says it detected unusual activity on Monday June 30 on a third party platform used by a Qantas airline contact centre.
Qantas took immediate steps to secure the platform and contain the system.
It is understood there are around six million customers that had service records on that platform.
The airline is still investigating exactly how much data has been stolen but it says it expects it to be significant.
There have been attacks on other airlines recently including WestJet, Hawaiian and Alaskan Airlines from a criminal hacker group called Scattered Spider.
Qantas is yet to establish if these same hackers are responsible for this breach.
“The US Federal Bureau of Investigations (FBI) recently provided warning that the cybercriminal group Scattered Spider had been targeting the airline sector, impersonating legitimate users to gain access to systems and bypass multi-factor authentication (MFA), one of the most effective methods of preventing breaches,” says Elliot Dellys, CEO of Australian cyber security company Phronesis Security.
“It would therefore be little surprise if the Australian aviation sector had come within its crosshairs, as a high value target with a complex, and historically challenging, environment to secure.
“Scattered Spider (also known as UNC3944) is a fascinating threat actor of growing concern. Rather than being composed of a centralised command and control structure like Russian ransomware groups, it is believed to be composed of a disparate group of young hackers living in the United States and United Kingdom.”
The data that was stolen in the Qantas breach includes customer names, email addresses, phone numbers, birth dates as well as frequent flyer numbers.
But Qantas did confirm that other important information like credit card details, personal financial information and passport details were not exposed as they were not held in the hacked system.
Qantas says no frequent flyer accounts were compromised, nor have passwords, PIN numbers or any other login details been accessed.
The airline is continuing its own investigation but says it will be putting additional security measures in place to restrict access to the compromised system while strengthening system monitoring and detection.
Qantas has also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
The Australian Federal Police has also been notified and the airline will continue to support these agencies.
Qantas has set up a dedicated customer support line along with a dedicated page at qantas.com to keep customers updated with the latest information.
As more details come to hand, Qantas will share those updates via the website and its social channels.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” says Qantas CEO Vanessa Hudson.
“Our customers trust us with their personal information and we take that responsibility seriously.
“We are contacting our customers today and our focus is on providing them with the necessary support.
“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”
Qantas customers can contact the dedicated support line on 1800 971 541 or +61 2 8028 0534 and will be given access to identity protection specialists and other resources.

