Qantas reveals massive data breach - 6 million customers possibly affected, here's what we know

News
By published

Australia's largest airline suffers a data breach

Airplane
(Image credit: Pixabay)
  • Unidentified threat actors target Qantas call center
  • This allows it to gain access to sensitive customer data
  • The attack is most likely the work of Scattered Spider, experts claim

Yet another major airlines has been hit by a major cyberattack after Qantas, the largest flight provider in Australia, confirmed it had been targeted

In a press release published on the company’s website, Qantas said it spotted the intrusion after a threat actor targeted a call center, and accessed a third-party customer servicing platform.

The name of the platform was not disclosed, but Qantas said six million customers have service records there.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.

View Deal

Scattered Spider

“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” the press release reads.

“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”

However, credit card details, personal financial information, and passport details, were not stolen, since these are not even held in this particular system. Therefore, passwords, PIN numbers, log in details, and frequent flyer accounts, remain uncompromised, the company confirmed.

Qantas also said the system is now contained, and that it notified relevant authorities, as well as affected individuals. The airline’s operations and safety were not endangered at any time.

The company did not say who the threat actors were, or if they tried to deploy any ransomware.

However the incident shares many similarities with other attacks recently made by the group known as Scattered Spider.

This group has not yet claimed responsibility for this attack - but in recent weeks, multiple reports have emerged of airlines being hit by cyberattacks, with Hawaiian Airlines confirmed suffering an attack and both WestJet and GlobalX suffering the same fate recently too.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.