After uncovering a breach last week, the airline Qantas has confirmed that hackers stole data on 5.7 million unique customers.
On Wednesday, the Australian airline published an update after containing the breach. “There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor,” Qantas said.
The hackers stole the data by targeting a third-party platform that handled Qantas customer support. Fortunately, no credit card numbers or passport details were looted since the information wasn’t stored in the affected IT system. However, the cybercriminals did loot some personal information from customers, including names, email addresses, physical addresses, dates of birth and phone numbers.
What kind of information was stolen will vary between customers. For example, Qantas said 4 million of the affected customer records only contained name, email address and possibly Qantas Frequent Flyer details. However, another subset of 1.1 million users had their dates of birth exposed.
(Qantas )
Qantas hasn’t identified the hackers responsible. But the incident occurred days after cybersecurity vendors and the FBI warned that a cybercriminal group called Scattered Spider had started targeting the airline sector. The gang grabbed headlines back in 2023 for hacking MGM Resorts and causing a widespread disruption at the casino provider.
Scattered Spider has excelled at using social engineering tactics, like impersonating employees or IT support, to infiltrate corporations. The gang has often focused on stealing confidential data and installing ransomware in an effort to extort millions from victim companies.
Recommended by Our Editors
An extortion attempt may have already been made to Qantas. On Monday, the airline said: “A potential cyber criminal has made contact, and we are currently working to validate this. As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the details of the contact.”
In the meantime, affected users can expect to receive an official email from Qantas with more specifics on the data stolen. However, the airline is also telling customers to watch out for phishing emails or phone calls that impersonate the Qantas brand. “Always independently verify the identity of the caller by contacting them on a number available through official channels.”
Our Best Editor-Vetted Prime Day Deals Right Now
*Deals are selected by our commerce team
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Michael Kan
Senior Reporter
