Australian Airline Hit By Major Cybersecurity Breach With Personal Details Of Up To 6 Million Customers Stolen

Confirmation of the cyberattack comes just days after IT experts in Silicon Valley put the aviation industry on high-alert to the threat of hackers targeting international airlines.

Qantas plane parked at a gate with another Qantas jet taxiing in the background

The Australian airline Qantas has been hit by a major cybersecurity breach after hackers targeted a call center used by the carrier. Security experts still don’t know the full extent of the data loss, but it’s feared that sensitive personal details belonging to six million customers could have been stolen.

A spokesperson for the embattled carrier did not explain how the hackers were able to get past its security systems, but the airline noted that the information was held on a third-party platform.

Applications Now Being Accepted. Qantas Hiring International Cabin Crew — The third-party computer system that was breached had customer records beloging to six million Qantas passengers.

The incident was detected on Monday when Qantas’ IT department noticed what it described as “unusual activity” on a system used at one of its customer contact centers.

Once the hack was detected, the system was contained, although Qantas didn’t say how long the data had been compromised before its IT department discovered the hack and locked down the data.

“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” the airline warned in a statement early on Wednesday.

a white airplane flying in the sky — Photo Credit: Qantas

“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates, and frequent flyer numbers.”

A spokesperson noted, however, that credit card details, passport information and personal financial information was not held on the compromised system.

Qantas has now started an urgent investigation into how hackers could have gained access to such an important system.

A spokesperson added: “While we conduct the investigation, we are putting additional security measures in place to further restrict access and strengthen system monitoring and detection.”

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” commented Qantas chief executive Vanessa Hudson.

“We are contacting our customers today and our focus is on providing them with the necessary support.”

The news comes just days after Sam Rubin, SVP of Threat Intelligence at cybersecurity firm Unit 42, put the aviation industry on high alert that hackers linked to the infamous Scattered Spider group were attempting to target international airlines.

Rather than using reams of code to break into computer systems, Scattered Spider is more likely to use ‘social engineering’ to gain access to restricted databases from which they can steal sensitive information and shut down operations.

Also going by the name Muddled Libra, the group “stands at the intersection of devious social engineering and nimble technology adaptation,” Unit 42 warned last month.

They continue to use social engineering as their primary modus operandi, targeting a company’s IT help support desk,” Unit 42 explained in a threat assessment document.

“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry,” Rubin added in a post on LinkedIn. “Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA [multi-factor authentication] reset requests.”

On Monday, it emerged that Delta Air Lines had locked tens of thousands of frequent flyer accounts without warning, raising concerns that the Atlanta-based carrier had also been targeted by a cyberattack.

Around 68,000 members of Delta’s SkyMiles frequent flyer loyalty program have been locked out of their accounts and will have to contact the airline to verify their identity before they can regain entry.

The company has not commented directly on reports that hackers had targeted its SkyMiles platform, but a spokesperson noted that it occasionally locks individual accounts for security purposes.

In recent weeks, both Hawaiian Airlines and Canada’s Westjet have been the victims of cyberattacks.

The Office of the Australian Information Commissioner said it was waiting for Qantas to fully assess the cyberattack and determine whether it was legally bound to report it. Qantas has up to 30 days to complete this process.

Mateusz Maszczynski

Mateusz Maszczynski honed his skills as an international flight attendant at the most prominent airline in the Middle East and has been flying ever since... most recently for a well known European airline. Matt is passionate about the aviation industry and has become an expert in passenger experience and human-centric stories. Always keeping an ear close to the ground, Matt's industry insights, analysis and news coverage is frequently relied upon by some of the biggest names in journalism.