# Flew Qantas Recently? Hackers May Have Stolen Your Data
If you recently flew with Qantas, there's a chance your personal data may have been compromised in a massive cyber attack. The Australian airline has confirmed that hackers stole the sensitive information of 5.7 million unique customers after targeting a third-party platform used for customer support.
On Wednesday, Qantas published an update on the breach, stating that there is no evidence that any personal data stolen from Qantas has been released. However, with the help of specialist cyber security experts, the airline continues to actively monitor the situation.
The hackers exploited a vulnerability in the third-party platform to steal sensitive customer information, including names, email addresses, physical addresses, dates of birth, and phone numbers. Unfortunately, credit card numbers and passport details were not compromised as they were not stored in the affected IT system.
The type of information stolen will vary between customers. For example, 4 million of the affected customer records only contained name, email address, and possibly Qantas Frequent Flyer details. However, another subset of 1.1 million users had their dates of birth exposed.
The cybercriminal group responsible for the attack is believed to be Scattered Spider, a notorious gang that has been targeting the airline sector in recent days. They have previously made headlines for hacking MGM Resorts and causing widespread disruption at the casino provider.
Scattered Spider is known for using social engineering tactics, such as impersonating employees or IT support, to infiltrate corporations. The gang has a history of stealing confidential data and installing ransomware in an effort to extort millions from victim companies.
An extortion attempt may have already been made against Qantas. On Monday, the airline confirmed that "a potential cyber criminal has made contact" and are currently working to validate this claim. As a result, they have engaged the Australian Federal Police and will not be disclosing further details about the contact.
In the meantime, affected users can expect to receive an official email from Qantas with more specifics on the data stolen. However, the airline is also warning customers to watch out for phishing emails or phone calls that impersonate the Qantas brand.
To avoid falling victim to such scams, Qantas advises customers to "always independently verify the identity of the caller by contacting them on a number available through official channels."
It is essential for customers who have flown with Qantas recently to stay vigilant and take necessary precautions to protect their personal data. The airline's proactive response to this incident is a testament to their commitment to customer safety and security.