Qantas data breach sees up to 6M customer records at risk

A Qantas data breach resulting from a cybersecurity attack has put up to 6M customer records at risk of exposure, with names, email addresses, phone numbers, and dates of birth confirmed to be included. The hack was of a contact center database operated by one of the airline’s partners …

Qantas says it is too early to determine how many customers have been affected, but says it expects it to be a “significant” proportion of the 6M total.

On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre.  We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure.

There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

Importantly, credit card details, personal financial information and passport details are not held in this system. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.

The notification confirms that the breach occurred as a result of a hack.

BleepingComputer reports that a hacking group known as Scattered Spider may be behind the attack.

The airline is promising to contact customers today, and says that those affected will be offered advice on avoiding identity theft. The statement stops short of offering a free subscription to a protections service.

Customers with questions can call the dedicated support line on +61 2 8028 0534.

Photo by Troy Mortier on Unsplash