Qantas' Disaster Date Hack Exposes Serious Flaw in Limping Roo's IT Systems
Qantas has been left reeling from a massive cyber hack at its Philippines call centre, exposing the details of six million customers. The breach, which occurred when a cyber criminal targeted a third-party customer servicing platform, highlights a serious flaw in the airline's IT systems.
The incident comes less than two years after Qantas was caught selling tickets on ghost flights that resulted in record fines from the competition regulator, as well as a string of other systems failures in recent years. Judging from the extent of the hack, it appears that Qantas' systems are still inadequate, allowing criminals to gain access to sensitive customer information.
The exposed details include names, addresses, emails, and frequent flyer points data. The information gained by cyber criminals can be used to build fake IDs for identity theft. This is a stark reminder of the importance of robust IT security measures, particularly in industries that handle vast amounts of personal data.
A Lack of Transparency and Governance
Qantas' response to the breach has been met with criticism, with many questioning why the airline took 48 hours to inform its customers and investors. The company's statement to the Australian Securities Exchange attributed the incident to a third-party call centre, but data security professionals argue that this is just as negligent as securing Qantas' own environment.
Furthermore, the lack of transparency and governance in IT systems is a recurring issue for Qantas. In May 2024, the airline confirmed a technology issue with its mobile app that exposed personal details of other travellers. Similarly, a recent IT system outage grounded Qantas flights across Australia, causing significant delays and passenger frustration.
A Pattern of Poor IT Management
Qantas' IT systems failures have become an unfortunate regularity in recent years. In September 2023, the airline attempted to implement a new cloud-based cargo management system, resulting in significant disruptions to cargo operations. Perishable goods, including human remains and live animals, were left stranded at airports due to the system failure.
In late 2022, an IT system outage caused Qantas flights across Australia to be grounded, with crews switching to manual flight planning to avoid cancellations. The airline's inability to process refunds during the mass cancellations of flights during the COVID pandemic was also attributed to its systems.
A Call for Better IT Systems
Observers and insiders have long considered that Qantas underinvested in its IT systems, particularly during Alan Joyce's tenure. However, a major project is now underway, with a "multi-million dollar" investment in new technology over three years to transform the way customers connect with Qantas.
This initiative encompasses a complete overhaul of Qantas.com, which was due to commence in mid-2024, with the goal of making the website significantly faster and easier to use. However, it remains unclear how strong management's commitment is to bringing better IT systems into the airline.
The Human Cost
For Qantas' customers, this latest breach can only mean more frustration and concern about their personal data being compromised. The airline's customer-facing website is now over a decade old, with many groups on social media complaining about Qantas' systems.
As the company's annual results approach next month, it will be interesting to see how this incident affects executive bonuses and directors' pay. Just how Qantas deals with this breach of its customers' details will also be instructive, particularly given the lack of transparency in its IT systems.
A Call for Action
For all the victimhood on display from Qantas so far, cyber criminals only get in where they can. This is just the latest area where Qantas needs to lift its game. Will this latest cyber breach affect your decision to fly Qantas? Only time will tell, but one thing is certain – the airline must take immediate action to address its IT systems failures and provide better protection for its customers' data.