Qantas Data Breach Impacts 5.7 Million Individuals
Australia's largest airline, Qantas, has confirmed that a recent cyberattack has compromised the personal data of 5.7 million customers. The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. While the system is now secure, a substantial amount of data is likely to have been stolen during the incident.
The breach occurred when hackers accessed a third-party platform used by Qantas' contact centre. The company has confirmed that while core systems remain secure, customer service records may have been compromised, including names, emails, phone numbers, birth dates, and frequent flyer numbers. No financial data, passport details, passwords, or login credentials were affected.
No credit card information was accessed, and Frequent Flyer accounts remain secure. The analysis of customers' personal data has found that customer records are based on unique email addresses and customers with multiple email addresses may have multiple accounts.
Qantas Responds to the Incident
CEO Vanessa Hudson emphasized Qantas' focus on transparency and customer support since the incident was discovered. "Our absolute focus has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible," she said.
"From today, we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services."
Additional Cybersecurity Measures
Qantas has implemented additional cybersecurity measures to prevent similar incidents in the future. The airline has notified the Australian Cyber Security Centre, the Privacy Commissioner, and the Federal Police due to the criminal nature of the breach.
The company has also warned customers to watch for phishing emails pretending to be from Qantas and has advised them to report any suspicious activity to the relevant authorities.
Scattered Spider: A Growing Threat
The FBI has reported that Scattered Spider, a cybercrime group targeting the airline sector, is using social engineering techniques to gain access to target organizations. These techniques often involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.
Preventing Ransomware Attacks
The FBI recommends that organizations quickly report any suspected ransomware attacks, as this helps the agency act fast, share intelligence, and limit damage. The agency is actively working with aviation and industry partners to address this activity and assist victims.
"Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise," says the FBI alert. "Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware."
Unit 42 Warns of Muddled Libra
Unit 42, a cybersecurity firm, has also warned that Muddled Libra (also known as Scattered Spider) is targeting the aviation industry with advanced social engineering and fake MFA reset attempts.
What You Can Do
Customers who have been affected by the Qantas data breach are advised to watch for phishing emails pretending to be from the airline. They can also report any suspicious activity to the relevant authorities, such as the Australian Cyber Security Centre or the Privacy Commissioner.
"We will continue to work tirelessly to protect our customers' personal data and prevent similar incidents in the future," said CEO Vanessa Hudson.