Qantas Australia: 6 Million Customer Accounts Accessed In Cyber Attacks

JAKARTA - Qantas, Australia's largest airline, announced that personal data of about six million of its customers has been accessed by hackers. This initiative makes it Australia's biggest data breach in recent years and a blow to airlines rebuilding public trust after the reputation crisis.

According to Qantas' statement on Wednesday, July 2, Cyberattack targeted the call center and managed to access third-party customer service platforms that store names, email addresses, phone numbers, date of birth, and frequent flight numbers from six million subscribers.

The airline did not specify the location of the affected call center or customer. Qantas learned of the violation after detecting suspicious activity on the platform and immediately taking action to tackle it.

"Investigation of the stolen data is still ongoing, but we estimate the number is quite significant," Qantas said, while ensuring there is no impact on flight operations or safety.

Last week, the FBI warned that a hacker group named Scattered Spider targeted airlines. Hawaiian Airlines and WestJet Canada have reported similar incidents. Qantas did not name certain hacker groups.

Mark Thomas, Director of Cybersecurity of the Arctic Wolf company in Australia, said the trend was worrying because of its scale and coordination. Scattered Spider's group is known to mimic the company's technical staff to steal employee passwords, and is believed to be performing a similar mode.

Charles Carmakal, Alphabet's CTO of cybersecurity company Mandiant, said it was too early to confirm the perpetrators, but advised world airlines to be alert to social engineering attacks.

Qantas' share price fell 2.4% in afternoon trading sessions, inversely with the overall market rising 0.8%.

This breach has been Australia's most prominent since the case of an attack on telecommunications operator Optus and health insurance company Medibank in 2022, prompting a new cyber resilience law, including the obligation to report incidents.

Qantas is trying to improve his public image after the crisis caused by controversial actions during the COVID-19 pandemic, including the illegal dismissal of mass ground staff and the sale of canceled flight tickets.

Qantas CEO, Vanessa Hudson, who has been in office since 2023 has succeeded in improving the company's reputation. "We are aware of the uncertainty that this data breach will cause. Customers entrust their personal data to us, and we take this responsibility very seriously," Hudson said.

Qantas has reported the incident to the Australian Cybersecurity Center, the Australian Information Commissioner's Office, and the Australian Federal Police.

Airlines confirmed that the perpetrator did not access the frequent flighter account, customer password, PIN, or other login details.