Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers’ data.
On July 1st, Qantas disclosed that it had detected a cyberattack the previous day on a third-party platform used by a Qantas airline contact centre.
While the company did not share any further details, BleepingComputer learned that the attack shared similarities with other attacks on the aviation industry linked to threat actors classified as Scattered Spider.
On Monday, Qantas warned that the threat actors had contacted them, likely to begin extorting the company to prevent the release of the stolen data.
In a new update today, Qantas has confirmed that the threat actors stole data for approximately 5.7 million customers, with varying types of data exposed in the breach:
- 4 million customer records are limited to name, email address and Qantas Frequent Flyer details. Of this:
- 1.2 million customer records contained name and email address.
- 2.8 million customer records contained name, email address and Qantas Frequent Flyer number. The majority of these also had tier included. A smaller subset of these had points balance and status credits included.
- Of the remaining 1.7 million customers, their records included a combination of some of the data fields above and one or more of the following:
- Address – 1.3 million. This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
- Date of birth – 1.1 million
- Phone number (mobile, landline and/or business) – 900,000
- Gender – 400,000. This is separate to other gender identifiers like name and salutation.
- Meal preferences – 10,000
Qantas warns that these counts are based on unique email addresses, and customers may have multiple accounts with different emails.
The airline also continues to stress that no Qantas Frequent Flyer accounts, passwords, PINs and login details, financial information, or passport details were stolen in the attack.
Qantas says they are now contacting customers whose data was stolen and have implemented additional safeguards to protect customers’ data.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” said Qantas Group Chief Executive Officer Vanessa Hudson.
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened.”
Qantas recommends that customers be on the lookout for emails claiming to be from Qantas that may be attempts to steal further information.
The attack on Qantas follows other recent attacks on the aviation industry, including those on Hawaiian Airlines and WestJet.
The threat actors, classified as Scattered Spider, are utilizing social engineering attacks to breach corporate networks and systems, stealing data and attempting to extort companies into paying a ransom.
In some attacks, such as M&S and Co-op, the threat actors attempted to deploy the DragonForce ransomware to encrypt devices.
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.
Get the Report
