Qantas has revealed a significant data breach affecting up to six million customers, prompting investigations and assurances of operational integrity.
Qantas Faces Major Data Breach Affecting Six Million Customers
Qantas Faces Major Data Breach Affecting Six Million Customers
A cyber attack on Qantas’ third-party platform has compromised the data of millions, raising security concerns.
In an alarming cyber incident, Qantas, the Australian airline, has confirmed that a breach on its third-party customer service platform has impacted the personal data of approximately six million customers. This breach was identified on June 30 when the airline detected "unusual activity" on the platform, which contains sensitive information such as names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
Following the discovery, Qantas promptly enacted measures to contain the breach. Despite the serious nature of the incident, the airline reassured its customers that no passport information, credit card details, or personal financial data was stored within the compromised system. Moreover, the integrity of frequent flyer accounts, including passwords and PINs, remains intact.
The airline has proactively informed the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner about the breach. Vanessa Hudson, CEO of Qantas Group, extended an apology to affected customers and acknowledged the anxiety such news may provoke. She confirmed that operations of Qantas airline remain unaffected, emphasizing safety as a priority.
This breach comes shortly after the FBI issued a warning regarding the airline industry's vulnerability to cybercrime, particularly from a group known as Scattered Spider. Recently, similar attacks have also targeted Hawaiian Airlines and WestJet, indicating a disturbing trend of cyber threats against aviation companies.
The Qantas breach contributes to a worrying consistency of data breaches in Australia, with notable incidents involving AustralianSuper and Nine Media occurring in recent months. Statistics from the Office of the Australian Information Commissioner (OAIC) noted that Australia experienced its worst year for data breaches on record in 2024, highlighting ongoing vulnerabilities across both private and public sectors.
Carly Kind, Australian Privacy Commissioner, emphasized the necessity for businesses and government entities to enhance security measures and better protect data against malicious attacks. As this story continues to evolve, industry stakeholders and the public call for stronger safeguards to ensure data integrity across all sectors.
