Qantas has confirmed that a cyber attack on a third-party platform linked to one of its contact centres may have compromised data linked to six million customers.
The airline described the incident as “significant” and is working urgently to assess the extent of the breach.
In a statement released today, Qantas said the unusual activity was detected on Monday on a platform not owned by the airline but used to support customer service operations.
The affected data includes customers’ names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. However, Qantas reassured the public that “credit card details, personal financial information and passport details are not held in this system.” It also confirmed that no frequent flyer accounts, passwords, PINs or login credentials were accessed.
The compromised system has now been isolated, and Qantas has begun notifying affected customers.
Cybersecurity experts from CyberCX are assisting the airline with the investigation. A spokesperson from the firm told the ABC the attack appears consistent with tactics used by the notorious Scattered Spider group – an international hacking outfit known for targeting specific industries, most recently financial and insurance companies.
The spokesperson added that US authorities had recently issued warnings that Scattered Spider was planning to target the aviation sector.
Source: ABC News
