Qantas has become the latest airline to suffer a cyber attack, with data belonging to around six million customers potentially exposed in the incident.
In a statement confirming the breach, the airline said compromised data includes some customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company insists that no credit card details, passport information, or assorted financial details have been exposed. Similarly, no account passwords, PIN numbers, or login details have been accessed.
On Monday, Qantas spotted unusual activity on a third-party platform used by a Qantas airline contact center. The airline said it took immediate action upon discovery and is now implementing additional security measures to further restrict access.
Qantas said it has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as the Australian Federal Police.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously," said Qantas Group CEO Vanessa Hudson.
“We are contacting our customers today and our focus is on providing them with the necessary support."
Who’s behind the Qantas cyber attack?
While there's no official word on which group carried out the attack, cybersecurity experts told ITPro all eyes will likely be pointing toward the notorious Scattered Spider group.
Scattered Spider has caused havoc in the retail sector in recent months, targeting UK retailers including Harrods, Co-op and Marks & Spencer (M&S).
The group now appears to be shifting its attention, however. An FBI advisory last week warned the group is now targeting organizations in the aviation industry.
The ransomware gang is believed to be responsible for recent attacks on Hawaiian Airlines and Canada's WestJet.
Toby Lewis, global head of threat analysis at Darktrace, said the Qantas attack bears all the hallmarks of the group so far.
"The attack follows their typical playbook: steal legitimate login credentials to walk into systems where critical security protections often aren't enabled by default, while operating from Western countries to appear as legitimate users and bypass standard security filters," Lewis told ITPro.
"Expect the stolen customer data - names, emails, birthdates, frequent flyer numbers - to fuel convincing phishing campaigns targeting loyalty programs and tricking customers with fake payment requests using real booking details."
It's not known whether Qantas has received a ransom demand - and, if so, whether it's paying up.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them?News Is this really the end for Scattered Lapsus$ Hunters?
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
M&S aims for full online restoration within four weeks following major cyber attackNews M&S CEO Stuart Machin says the high street retailer plans to fully restore operations by August following a devastating cyber attack in April.
-
British IT worker jailed for revenge attack on employer that caused a “ripple effect of disruption” for colleagues and customersNews West Yorkshire man Mohammed Umar Taj was suspended from his job in Huddersfield in July 2022, and began taking revenge within hours.
