Some 5.7 million Qantas customers lost personal data when cyber criminals scammed their way into accessing an offshore data facility last week.
Millions of Qantas customers are being told how much of their personal data – including meal preferences – was taken by cyber criminals in last week’s raid.
The airline has revealed that 5.7 million customer records were impacted when a third-party system used by an offshore call centre was hacked.
Of those, the names, email addresses and frequent flyer details of four million customers were exposed.
The remaining 1.7 million customers had a bigger set of data taken, including their names and email addresses, as well as their dates of birth, phone numbers, personal or business addresses, gender and meal preferences.
In total, some 10,000 meal preferences were accessed.
“From today, we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services,” CEO Vanessa Hudson said on Wednesday.
The airline maintains that there is no evidence so far that any personal data that was stolen has been released on the dark web.
However, specialist cybersecurity experts are “actively” monitoring for breaches.
No financial information, credit card details or passport details were stored in the system and so were not accessed, Qantas maintained.
Qantas also reaffirmed that frequent flyer accounts, passwords, PINs and login details remain safe.
“The data that was compromised is not enough to gain access to these frequent flyer accounts,” the airline said.
The update comes a week after the cyber attack, which left Qantas customers reeling.
It was later revealed that the offshore call centre had been scammed into giving a caller access to the third-party site.
Qantas was contacted on Monday by a hacker claiming to be behind the theft of the data, but remains tight-lipped about their identity.
Multiple cyber experts believe the group responsible is called Scattered Spider, a cabal of young cybercriminals living in the US and the UK.
The US Federal Bureau of Investigation recently warned that the group was targeting the airline sector by impersonating legitimate users to bypass multi-factor authentication and access systems.
Qantas has set up more cybersecurity measures to protect customer data and continues to examine how the attack happened.
“We remain in constant contact with the National Cyber Security Co-ordinator, Australian Cyber Security Centre and the Australian Federal Police,” Hudson said in a statement.
Customers are urged to remain alert to emails, text messages or phone calls in which the sender purports to be from Qantas.
The airline also recommended that customers deploy two-step authentication on accounts and not provide account passwords, personal or financial information via an email, call or text.
It comes as security experts warn scam attempts may skyrocket in the wake of the hack, similar to the rise in impersonation attacks when Optus was hacked in 2022, exposing 10 million customers’ details.
Legal experts suggest the incident could lead to a class action against Qantas, after compensation claims were made against Optus and Medibank following major breaches in 2022.