Millions of Qantas customers targeted in cyber attack

In a concerning turn of events, millions of Qantas customers have fallen victim to a devastating cyber attack that has exposed sensitive customer data. According to Qantas, the airline's unique customer data for 5.7 million people was stolen in last week's cyber attack. The breach has raised serious concerns about fraud and identity theft, with experts warning that criminals could use the stolen data to deceive other organizations into providing further details.

The scope of the breach: what was stolen?

  • 1.3 million residential or business addresses, including hotels for misplaced baggage delivery
  • Four million customer records containing names, email addresses, and Qantas Frequent Flyer numbers
  • Meal preferences for 10,000 customers
  • Around 900,000 phone numbers compromised
  • The gender details of 400,000 people stolen

Patrick Sharp, general manager of Aura Information Security, warns that the real risk lies in the potential for hackers to piece together this information to use it against other organizations. "The real risk is that someone's going to be able to patch this sort of information together to use it to fool another organisation into giving them details," he said.

How can victims protect themselves?

Sharp advises potential victims of fraud or suspected fraud to take the following steps:

  • Freeze or suppress credit reports with agencies like Illion, Equifax, and Centrix
  • Avoid sharing personal information with anyone who contacts you claiming to be from a bank or other organization
  • Never share bank login details with someone who is trying to contact you
  • Log in to your bank's website through the app and log in separately there, rather than trusting the person on the phone

"They shouldn't give any more information to that person or try to interact with that person," Sharp said. "You should just go independently to your bank's website through the app and log in separately there."

Key issues raised by the Qantas breach

The scale of the breach has highlighted key issues around data collection and retention, according to experts. Patrick Sharp notes that companies like Qantas should not collect more information than they need, and should not retain it for longer than necessary. "We don't know in this case, but in previous breaches in Australia, for instance Medibank, these companies have retained information for much longer than they needed to, therefore exposing more people," he said.

Regulation: the only way to prevent such breaches

Sharp believes that stronger regulation is necessary to ensure that companies like Qantas are diligent about data protection. "In terms of what needs to change, the only way to really get businesses to be really diligent about that is through stronger regulation," he said.

Airline responds to breach

Qantas has contacted customers to provide specific details of stolen data, and has progressed its forensic analysis of customer data in the compromised system. The airline has stated there is no evidence that personal data was stolen from Qantas and had been released, but specialist cyber security experts are monitoring the situation.

Hawaiian Airlines and WestJet also targeted by cyber attacks

Qantas is not the only airline to have fallen victim to a cyber attack this year. Hawaiian Airlines was targeted in a similar breach just last month, while Canada's WestJet has also been affected.

FBI warns of Scattered Spider hacker group

The FBI recently warned about the Scattered Spider hacker group, which is known for using social engineering techniques to gain access to sensitive information. Experts have confirmed that the Qantas breach was carried out by this group.