Qantas has confirmed that nearly six million customers have had their personal data compromised in a recent breach.
The Australian airline said that most (four million) of those affected had their name, email address and Qantas Frequent Flyer details exposed in the incident. Of these individuals, 1.2 million had only their name and email compromised.
Of the remaining 1.7 million:
- 1.3 million customers had their residential and/or business address compromised
- 1.1 million had their date of birth compromised
- 900,000 had records including their mobile, landline or business phone number revealed
- 400,000 had their gender exposed
- 10,000 had details on meal preferences stolen
Those affected are currently being emailed by the airline to notify them of the specific data types taken in the raid.
Qantas claimed that there’s no evidence the stolen data has been released. It also confirmed that no card, financial or passport data was compromised – nor were passwords, PINs or logins.
However, even limited personal information like names, email addresses and frequent flyer numbers could be used by fraudsters to make phishing campaigns more convincing. These could be designed to elicit more sensitive financial information if, for example, scammers sent emails/texts impersonating Qantas.
Just days before Qantas revealed news of the data breach, the FBI warned that threat actors from the infamous Scattered Spider collective were targeting the airline industry, although it’s still unclear whether they are responsible for this incident.
Read more about the Qantas cyber-attack: Qantas Reveals “Significant” Contact Center Data Breach
The Australian firm did confirm on Monday that an unnamed threat actor had contacted it, perhaps in a bid to extort the company.
The original attack bore some of the hallmarks of a Scattered Spider campaign, given that it involved the targeting of a call center.
Actors linked to the group, many of whom are native English speakers, are known to be adept at socially engineering IT helpdesk and call center staff into handing over or resetting passwords.
In this case, they were able to gain access to a third-party customer servicing platform, and from there, data on 5.7 million Qantas customers.
Qantas Responds
Qantas group CEO, Vanessa Hudson, said the firm had taken additional security measures to help prevent a similar event occurring in the future.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support,” she added.
The airline urged customers affected by the breach to:
- Stay on the lookout for phishing emails, texts and phone calls, especially when the sender/caller purports to be from Qantas
- Use multi-factor authentication (MFA) on all email and other accounts
- Stay up to date on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch site
- Never provide any online account passwords, or personal or financial information, to ‘officials’ who get in touch over the phone/via email or text
- Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for more information on how to protect personal data
Image credit: Art of Ngu / Shutterstock.com
No tags.
