Australian flag carrier Qantas has revealed that a potential cybercriminal has contacted the airline following a massive data breach that resulted in the theft of personal details belonging to as many as six million passengers.
The embarrassing cybersecurity incident was detected on June 30, although it remains unclear how long the database had been compromised before the airline’s IT department became aware of a breach.
Held within the database were intimate personal details of millions of customers, including names, dates of birth, phone numbers, and frequent flyer numbers. Qantas is yet to work out exactly how many customers have had their data stolen.
On Monday, Qantas revealed that a “potential” cybercriminal had contacted the airline, although the airline did not reveal whether a ransom had been demanded for the return of the stolen data.
In a statement, the airline said it was still working to validate whether the cybercriminal was genuine. A spokesperson added: “As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the details of the contact.”
Once the cyber breach was detected, Qantas says it took immediate steps to contain its IT systems and has confirmed that all of its systems are now secure.
What Data Has Been Stolen?
Qantas has now confirmed that the following type of data was stolen in the data breach:
- Names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent Flyer numbers
What Data Has Not Been Stolen?
Thankfully, the database that was accessed by the hacker did not contain the following sensitive information:
- Credit card details
- Personal financial information
- Passport details
Qantas also says that no frequent flyer accounts were compromised during the attack.
Qantas has sent blanket emails to frequent flyers who may have had their data stolen, but the airline is yet to get in contact with individual customers who were affected by this incident.
Communications to impacted passengers are expected later this week, but in the meantime, the airline has warned customers to be on guard for scammers who are attempting to take advantage of the situation by contacting customers and pretending to be from Qantas.
News of the Qantas data breach came just days after cybersecurity companies put the aviation industry on high alert to the threat of hackers targeting airlines.
In particular, Sam Rubin, SVP of Threat Intelligence at cybersecurity firm Unit 42, warned that the infamous Scattered Spider group could try to gain illegal access to secure airline databases by employing ‘social engineering’ scams.
“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry,” Rubin said in a post on LinkedIn. “Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA [multi-factor authentication] reset requests.”
Qantas chief executive Vanessa Hudson attempted to reassure passengers, saying that the investigation was “progressing well” after outside cybersecurity experts were called in to help the airline.
“We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems,” Hudson said last week. “Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively.”
