Hackers Leak Personal Details Of Six Million Qantas Customers On Dark Web
- Qantas was one of several well known international companies that fell victim to a cyber attack on its Salesforce customer service software. Salesforce has refused to pay a ransom to the hackers to stop the data being leaked
Hackers have leaked the personal details of up to six million Qantas customers on the dark web after the airline’s third-party vendor of customer service software refused to pay a ransom to have the data returned.
In late June, Qantas revealed it was one of several well-known international companies that had fallen victim to a cyberattack on the software provided by US technology firm Salesforce.
Other victims of the Salesforce data breach include Air France and KLM Royal Dutch Airlines, as well as luxury brands like Cartier, Louis Vuitton, and Pandora.
The hackers behind the Salesforce attack had given the company a Saturday deadline to pay a ransom or face the threat of personal customer details being leaked on the dark web.
After the deadline passed, Australian data security experts confirmed that details belonging to Qantas customers had, indeed, been leaked.
Hackers were able to steal a treasure trove of personal information, including customer names and email addresses, as well as frequent flyer numbers, and, in some cases, information like dates of birth, addresses, phone numbers, and even in-flight meal preferences.
Qantas has moved to reassure worried customers, saying that frequent flyer accounts have not been affected by the hack. The airline has also offered customers free access to credit checking services so that they can have early warning of someone trying to steal their identity.
Senior executives at Qantas had their annual bonuses docked by 15% as punishment for the data breach, although the Australian flag carrier is far from alone in falling victim to this attack.
Several US-based customers of Air France are mounting a class action lawsuit against the airline, claiming that it failed to take reasonable measures to prevent a cyberattack, especially given the threat of hackers targeting international airlines.
Earlier this year, the FBI’s Cyber Division issued an urgent alert to the aviation industry, warning that cyber criminals affiliated with the so-called ‘Scattered Spider’ group were actively targeting airlines.
The FBI said the fraudsters were often using social engineering techniques to fool IT help desks into granting them access to internal computer systems, allowing them to steal data or corrupt files.
British Airways was so worried about the potential for an attack that it accidentally locked hundreds of pilots and cabin crew out of key operational IT systems as it deployed new security protocols to counter the latest threat.
