
Qantas Hit by Cyberattack in Recent Data Theft Incident

Summary

– Qantas confirmed it is being extorted by threat actors after a cyberattack potentially exposed data for 6 million customers, including names, emails, and frequent flyer numbers.
– The airline has engaged the Australian Federal Police and is validating the cybercriminal’s contact but won’t disclose further details due to the criminal nature of the incident.
– No financial data, passport details, or login credentials were exposed, but Qantas warned customers to watch for scams and phishing attempts.
– The breach is linked to threat actors (Scattered Spider) known for social engineering attacks, previously targeting retail and insurance sectors before shifting to aviation.
– Qantas is collaborating with cybersecurity experts and authorities, including the Australian Cyber Security Centre, to investigate the attack.

Qantas has confirmed a serious cyberattack targeting its customer data, with hackers now attempting to extort the airline following the breach. The incident potentially affects up to 6 million customers, raising alarms about identity theft and phishing risks.

The airline acknowledged contact from cybercriminals but emphasized that investigations are ongoing. “We’ve alerted the Australian Federal Police and are working closely with cybersecurity experts to verify the claims,” a Qantas spokesperson stated. The company declined to share further details, citing the active criminal nature of the incident.

The breach was first detected on July 1, traced to unusual activity in a third-party system linked to one of Qantas’ customer service centers. Exposed data includes names, email addresses, phone numbers, birth dates, and frequent flyer details. Fortunately, financial data such as credit card numbers, along with passport information and account passwords, remained secure.

Qantas is urging customers to stay vigilant against potential scams. Legitimate communications from the airline will only originate from official qantas.com domains. The company reiterated that it will never request passwords, booking references, or personal details via unsolicited calls, texts, or emails.

This attack fits a broader pattern of attacks on aviation companies by a group known as Scattered Spider, notorious for sophisticated social engineering tactics. These hackers often bypass security by impersonating employees to manipulate help desks into resetting credentials. Earlier this year, they infiltrated major retailers like Marks & Spencer before shifting focus to insurers and airlines, including WestJet and Hawaiian Airlines.

Qantas has enlisted support from the Australian Cyber Security Centre, privacy regulators, and law enforcement to mitigate the fallout. While the full extent of the damage is still being assessed, the airline assures customers that enhanced security measures are in place.

As the investigation continues, cybersecurity experts warn that affected individuals should monitor accounts for suspicious activity and enable multi-factor authentication where possible. Qantas has yet to respond to additional inquiries regarding the extortion demands, but updates are expected as new details emerge.

(Source: Bleeping Computer)
