Wednesday, November 12, 2025

Qantas customer data leaked on dark web after cyber attack. What to do if you’ve been affected

The personal information of over five million Qantas customers has been illegally published on the dark web, months after a major cybersecurity breach targeting the airline’s customer servicing platform.

The data was released by a hacker collective known as Scattered Lapsus$ Hunters after the deadline for a ransom payment passed.

The incident, which is considered one of Australia’s most high-profile cyberattacks since 2022, has prompted warnings from the Australian government and cybersecurity experts about an expected surge in related scams. Federal politicians were reportedly among those whose home addresses were leaked.

The cyber criminals did not breach Qantas’s main network directly but rather targeted a third-party customer call centre in June, gaining unauthorised access to the airline’s customer servicing platform.

Google’s analysis suggested the hackers used a method of social engineering, where they called the call centre and impersonated IT support staff.

They successfully convinced legitimate employees to grant them access to the Salesforce software platform, which housed the sensitive customer data.

Salesforce has confirmed the breach was not due to a software vulnerability on their platform but resulted from staff falling for the deceptive calls.

The scale of the data stolen varies among the five million affected customers, but the leaked information includes:

  • Customer names and email addresses.
  • Frequent Flyer numbers.
  • Home and business addresses.
  • Dates of birth, phone numbers, and gender.
  • Meal preferences for some customers.

Qantas has confirmed that no identity documents, credit card details, passwords, or PIN numbers were compromised, and the hackers did not gain access to individual Frequent Flyer accounts. The airline has since emailed all affected customers, detailing the exact types of information stolen from their personal records.

Potential Threats and Legal Action

Despite Qantas obtaining an injunction from the NSW Supreme Court to prevent the stolen data from being accessed or published, authorities anticipate scammers will inevitably use the information.

Experts warn that the leaked Frequent Flyer details are particularly dangerous, as they can be used to craft highly convincing fake flight rescheduling emails or fraudulent reward redemption offers to trick customers into giving up even more sensitive details. Qantas has already reported a rise in scammers impersonating the airline.

The government and privacy regulators are now under pressure to assess whether Qantas breached its security obligations, which could lead to substantial fines. Furthermore, a leading class action law firm, Maurice Blackburn, has already lodged a complaint and is flagging a possible class action to seek compensation for affected customers, similar to cases following the Optus and Medibank breaches.

Dr. Ilia Kolochenko, CEO at ImmuniWeb and a Fellow at the British Computer Society (BCS), comments:

“Given that Qantas has many millions of customers and only 5 million records were leaked, we may conclude that the data breach has likely occurred because of a compromised third party or an isolated system operated by Qantas, its vendors or subsidiaries.

“While there is no reason to panic, victims of the data breach may suffer fairly serious and long-lasting consequences. They should stay vigilant, enable MFA on all their online accounts, and report any suspicious activity to both Qantas and police.”

Advice for Affected Customers

If you believe you have been affected by the Qantas data leak, authorities advise taking the following immediate steps to protect yourself:

  1. Hang Up on Cold Calls: If you receive an unexpected call from someone claiming to represent Qantas or any other legitimate business, hang up immediately. Call the company back using their official, published contact number to verify the communication. Do not trust the caller ID, as it can be spoofed.
  2. Verify Emails: Be highly suspicious of any email regarding your Qantas account. Ensure the sender’s address ends strictly in one of the official domains: qantas.com or qantas.com.au. Do not click on links in emails whose addresses end in imitations like qantas.net or qantas.biz.
  3. Strengthen Security: The national privacy regulator recommends immediately changing your email account password and enabling two-step or multi-factor authentication on all online accounts where possible.
  4. Seek Identity Protection: Qantas is offering a 24/7 support hotline and specialist identity protection advice for affected customers. Utilise these resources for specific guidance on monitoring your identity.

