A cyber hacker broke into a database containing the personal information of millions of customers, Qantas said, in Australia’s biggest breach in years and a setback for an airline rebuilding trust after a reputational crisis.
The hacker targeted a call centre and gained access to a third-party customer service platform containing six million names, email addresses, phone numbers, birth dates and frequent flyer numbers, Qantas said in a statement yesterday.
The airline did not specify the location of the call centre or which customers’ information was compromised. It said it learnt of the breach after detecting unusual activity on the platform and acted immediately to contain it.
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” Qantas said, reporting no impact on operations or safety.
Last week, the US Federal Bureau of Investigation said cybercrime group Scattered Spider was targeting airlines and that Hawaiian Airlines and Canada’s WestJet had already reported breaches. Qantas did not name any group.
“What makes this trend particularly alarming is its scale and co-ordination, with fresh reports that Qantas is the latest victim” of a hack, said Mark Thomas, Australia director of security services for cyber security firm Arctic Wolf.
Scattered Spider hackers are known to impersonate a company’s tech staff to gain employee passwords and “it is plausible they are executing a similar playbook”, Thomas said.
Charles Carmakal, chief technology officer of Alphabet-owned cybersecurity firm Mandiant, said it was too soon to say if Scattered Spider was responsible but “global airline organisations should be on high alert of social engineering attacks”.
Qantas’ share price was down 2.4 per cent in afternoon trading against an overall market that was up 0.8 per cent.
The breach is Australia’s most high-profile since those of telecommunications network operator Optus and health insurance leader Medibank in 2022 prompted cyber resilience laws including mandatory reporting of compliance and incidents.
It brings unwelcome attention to Qantas, which is trying to win public trust after actions during and after the Covid-19 pandemic saw it plunge on airline and brand league tables.