The Australian airline has detected unusual activity affecting up to six million customer profiles, prompting an immediate response to mitigate the situation.
Qantas Faces Data Breach Affecting Six Million Customers
Qantas Faces Data Breach Affecting Six Million Customers
Qantas Airways reports a significant data breach involving customer information due to a cyberattack on a third-party platform.
Qantas Airways is confronting the fallout from a cyberattack that compromised personal data for approximately six million customers. The breach was identified on June 30, when the airline noted "unusual activity" within a third-party customer service platform that housed sensitive information such as names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
Following detection, Qantas took immediate measures to contain the breach. While the airline continues to investigate the extent of the data theft, it has indicated that a substantial portion of the information may have been compromised. Notably, officials have reassured customers that highly sensitive details like passport information, credit card numbers, and financial data were not compromised, nor were frequent flyer account details, passwords, or PINs.
The company has since notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner about the incident. Vanessa Hudson, Qantas Group CEO, expressed the company's apologies and recognized the uncertainty the breach may cause customers. She encouraged those concerned to reach out to a dedicated support line and emphasized that airline operations and safety remain unaffected.
This incident occurs in a broader context of rising cybersecurity threats to the airline industry. Recent warnings from the FBI indicated that the aviation sector is increasingly targeted by cybercriminals, including a specific group known as Scattered Spider. Other airline services, such as Hawaiian Airlines and WestJet, have also experienced similar cyberattacks in recent weeks.
Qantas' data breach is part of a troubling trend seen in Australia, which has witnessed several data leaks this year, including significant incidents affecting AustralianSuper and Nine Media. According to recent statistics from the Office of the Australian Information Commissioner (OAIC), 2024 was recorded as the worst year for data breaches in Australia since 2018. Australian Privacy Commissioner Carly Kind has warned that the threat of such attacks is unlikely to fade and has urged both public and private sectors to enhance their data protection measures.
