Qantas Data Breach: 6 Million Customers Affected, Significant Data Likely Compromised
Discover the details of the Qantas data breach, affecting 6 million customers. Learn how to protect yourself and stay informed.
TL;DR
Qantas, Australia’s largest airline, confirmed a data breach affecting 6 million customer records. The breach, likely due to social engineering, exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Financial information was not compromised. The airline is working with authorities and has set up support for affected customers.
Main Content
Australia’s largest airline, Qantas, has confirmed a significant data breach affecting approximately 6 million customer records. The incident involved unauthorized access to a third-party customer servicing platform, likely through social engineering targeting a call center.
Qantas assured customers that its core systems remain secure, with no impact on the airline’s operations or safety. However, the airline anticipates that a substantial amount of data has been compromised:
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.”
Compromised Data
An initial review confirmed that the breached data includes:
- Customer names
- Email addresses
- Phone numbers
- Birth dates
- Frequent flyer numbers
Fortunately, credit card details, personal financial information, and passport details were not stored in the affected system.
Response and Mitigation
Qantas responded swiftly by isolating the affected system, notifying customers, and collaborating with the Australian Cyber Security Centre, the Australian Federal Police, and independent cybersecurity experts.
The breach is particularly concerning as Qantas had recently enhanced its third and fourth-party cyber-risk governance processes in 2024. In a report released at the time, the airline explained:
“Third- and fourth-party cyber risk involves managing cyber risks from our direct suppliers (third parties) and their suppliers (fourth parties), who can affect our supply chain directly or indirectly through cyber incidents.”
No group has claimed responsibility for the attack yet, which is common in ransomware incidents. Notably, the FBI recently issued a warning about ransomware attacks targeting airlines:
“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.
Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims. Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office.”
Qantas has established a dedicated customer support line and a web page to keep customers informed. The airline will also provide updates via its social channels.
Protecting Yourself After a Data Breach
If you suspect you may have been affected by a data breach, consider the following steps:
- Check the Vendor’s Advice: Review specific guidelines provided by the vendor.
- Change Your Password: Use a strong password and consider using a password manager.
- Enable Two-Factor Authentication (2FA): Opt for a FIDO2-compliant hardware key for enhanced security.
- Watch Out for Fake Vendors: Verify the identity of anyone contacting you regarding the breach.
- Take Your Time: Be cautious of urgent phishing attempts.
- Consider Not Storing Card Details: Avoid saving card information on websites.
- Set Up Identity Monitoring: Use identity monitoring to detect illegal trading of your personal information.
Conclusion
The Qantas data breach highlights the ongoing threat of cyberattacks targeting large corporations and their third-party providers. As the investigation continues, it is crucial for affected customers to stay vigilant and follow best practices to protect their personal information.
Additional Resources
For further insights, check: