Qantas Hit by Major Cyber Attack

Australia’s flagship carrier has confirmed it was the victim of a “significant” cyberattack that exposed the personal data of around six million customers.

The breach was detected on the 30th June when Qantas identified unusual activity on a third-party customer service platform used by one of its call centres located in Manilla in the Philipines. Qantas has not publicly named the vendor. 

The attackers gained access to at least six million Qantas customers records containing customer names, email addresses, phone numbers, birth dates and frequent flyer numbers. Qantas is still determining the extend of the data stolen but expects the impact to be substantial. Quantas say that no passport information, financial details, login credentials or PINs were stored on the compromised system.

The airline says all its core systems and operational networks were unaffected, and that it has quarantined the third-party platform, bolstered its monitoring and detection capabilities, and engaged independent cybersecurity experts to support its investigation.

Group CEO Vanessa Hudson issued a formal apology to customers

"We sincerely apologize to our customers and we recognize the uncertainty this will cause," she said. "Our customers trust us with their personal information and we take that responsibility seriously."

Qantas has not officially named the perpetrators of the recent breach, but both industry experts and law enforcement point to the notorious Scattered Spider ransomware group as the likely culprit.

The U.S. Federal Bureau of Investigation recently warned that Scattered Spider is shifting its focus to airlines, having already targeted carriers such as Hawaiian Airlines and Canada’s WestJet in coordinated social-engineering attacks. Cybersecurity analysts note that the group’s playbook typically involves phishing, multi-factor authentication bypass (“MFA bombing”) and SIM swapping to trick help desks into granting account access—tactics consistent with the Qantas incident

Qantas has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police, and has set up a dedicated support line and webpage to assist affected travellers.

Visit webpage

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

GTS Security,
Exo Building,
North Wall Quay,
Dublin 1,
D01 W5Y2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

(your logo & profile link here)

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more