Qantas has become the latest airline to suffer a cyber attack, with data belonging to around six million customers potentially exposed in the incident.
In a statement confirming the breach, the airline said compromised data includes some customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company insists that no credit card details, passport information, or assorted financial details have been exposed. Similarly, no account passwords, PIN numbers, or login details have been accessed.
On Monday, Qantas spotted unusual activity on a third-party platform used by a Qantas airline contact center. The airline said it took immediate action upon discovery and is now implementing additional security measures to further restrict access.
Qantas said it has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as the Australian Federal Police.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously," said Qantas Group CEO Vanessa Hudson.
“We are contacting our customers today and our focus is on providing them with the necessary support."
Who’s behind the Qantas cyber attack?
While there's no official word on which group carried out the attack, cybersecurity experts told ITPro all eyes will likely be pointing toward the notorious Scattered Spider group.
Scattered Spider has caused havoc in the retail sector in recent months, targeting UK retailers including Harrods, Co-op and Marks & Spencer (M&S).
The group now appears to be shifting its attention, however. An FBI advisory last week warned the group is now targeting organizations in the aviation industry.
The ransomware gang is believed to be responsible for recent attacks on Hawaiian Airlines and Canada's WestJet.
Toby Lewis, global head of threat analysis at Darktrace, said the Qantas attack bears all the hallmarks of the group so far.
"The attack follows their typical playbook: steal legitimate login credentials to walk into systems where critical security protections often aren't enabled by default, while operating from Western countries to appear as legitimate users and bypass standard security filters," Lewis told ITPro.
"Expect the stolen customer data - names, emails, birthdates, frequent flyer numbers - to fuel convincing phishing campaigns targeting loyalty programs and tricking customers with fake payment requests using real booking details."
It's not known whether Qantas has received a ransom demand - and, if so, whether it's paying up.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Google emissions have surged 51% in five yearsNews While overall carbon emissions have increased significantly, the company is making solid progress in bolstering data center energy efficiency.
-
Leaseweb names Alex Wessel as new chief operations officerNews Wessel is tasked with leading centralized teams at Leaseweb’s Amsterdam headquarters.
-
M&S aims for full online restoration within four weeks following major cyber attackNews M&S CEO Stuart Machin says the high street retailer plans to fully restore operations by August following a devastating cyber attack in April.
-
British IT worker jailed for revenge attack on employer that caused a “ripple effect of disruption” for colleagues and customersNews West Yorkshire man Mohammed Umar Taj was suspended from his job in Huddersfield in July 2022, and began taking revenge within hours.
-
The Scattered Spider hacker group has a new industry in its crosshairsNews The notorious Scattered Spider threat group is now turning its attention to the airline industry, with attacks on operators intensifying.
-
Financial impact of cyber attacks on UK retailers laid bare in new reportNews Analysis from the Cyber Monitoring Centre shows the recent cyber attacks on a host of UK retailers could cost up to £440 million.
-
A sneaky cyber espionage campaign is exploiting IoT devices and home office routers – here's what you need to knowNews Researchers at SecurityScorecard have issued a warning about a new China-linked threat campaign, dubbed 'LapDogs', targeting IoT devices and home routers.
-
‘States don’t do hacking for fun’: NCSC expert urges businesses to follow geopolitics as defensive strategyNews Paul Chichester, director of operations at the UK’s National Cyber Security Centre, urged businesses to keep closer tabs on geopolitical events to gauge potential cyber threats.
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
