Qantas on Wednesday confirmed that a third-party “cyber criminal” accessed one of the Australia-based carrier’s third-party customer service platforms on Monday.
“The system is now contained,” Qantas said in a statement. “There is no impact to Qantas’ operations or the safety of the airline.”
About 6 million customers have service records on the affected platform, according to the airline, and Qantas continues to investigate the proportion of the data that has been stolen, “though we expect it to be significant.” An initial review determined that the compromised data includes customers’ names, email addresses, phone numbers, birth dates and frequent-flyer numbers, according to the carrier.
Credit card details, personal financial information and passport details are not held in this system, Qantas said. “No frequent flyer accounts were compromised nor have passwords, PIN number or log in details been accessed.”
The carrier has put additional security measures in place and notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police.
Qantas said it has created a dedicated customer support line and page on its website to provide information to customers.
The Qantas breach follows an incident last week that affected Hawaiian Airlines IT systems and one on June 13 against WestJet. The latter event involved internal systems and the WestJet app, “which restricted access for several users.”
The U.S. Federal Bureau of Investigation on June 27 posted an alert on the social media platform X regarding the “cybercriminal group Scattered Spider expanding its targeting to include the airline sector.” The FBI warned that the group targets large corporations and their third-party IT providers, “which mean anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”
The FBI said it is working with aviation and industry partners to address this activity and assist victims.
Recent Comments