Qantas Details Impact of Data Breach on 5.7 Million Customers

In a recent development, Qantas has announced that it is taking proactive steps to inform and assist the 5.7 million customers whose personal data was compromised in a cyber incident at one of its call centres based in Manila, Philippines last week.

The airline has conducted a thorough forensic analysis of the breach, which revealed that sensitive information such as credit card details, personal financial information, passport details, and passwords were not stored on the compromised system. Consequently, these critical pieces of data were not accessed during the incident.

However, the investigation did uncover that for approximately 4 million customers, the breach was limited to names, email addresses, and Qantas frequent flyer details. Within this group, a significant number of records contained additional information such as member's tier status, points balances, and status credits.

A Detailed Breakdown of the Breached Data

According to Qantas, the compromised records for this group included:

  • 1.2 million records with a name and email address only
  • 2.8 million records with a name, email address, and frequent flyer number, including tier status information
  • A smaller subset of these records also had points balances and status credits included

In contrast, the remaining 1.7 million customers saw their records compromised for a combination of data fields, including:

  • Address
  • Date of birth
  • Phone numbers
  • Gender
  • Meal preferences

A Proactive Response from Qantas

Qantas group CEO Vanessa Hudson has emphasized the airline's commitment to transparency and customer support since the incident. She stated, "Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible."

Hudson also highlighted that additional cyber security measures have been implemented since the incident and that the airline is in close contact with relevant authorities, including the National Cyber Security Coordinator, the Australian Cyber Security Centre, and the Australian Federal Police.

Expert Insights and Customer Precautions

According to experts, the breach has been tentatively linked to an ongoing campaign of cyber attacks orchestrated by Scattered Spider, a hacking collective known for using impersonation, social engineering, and rogue device enrolment to bypass multi-factor authentication.

Qantas is urging customers to be vigilant for potential scams, particularly those using email, text messages or phone calls that purport to be from the airline. Customers are advised to independently verify the identity of any caller and are reminded that Qantas will never request passwords or sensitive login information.

A Dedicated Support Line

To assist customers with specialist identity protection advice, a dedicated 24/7 support line has been established. Customers can call 1800 971 541 or +61 2 8028 0534 for support and guidance on protecting their personal data.