Qantas confirms a cyberattack on a vendor exposed data for 5.7 million passengers, including names, emails, and frequent flyer numbers. No credit card or passport data compromised.
Qantas confirmed Wednesday that a cyberattack on one of its vendors affected 5.7 million passengers.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Qantas Group CEO Vanessa Hudson said in a statement.
Hudson said the airline is reaching out to customers to notify them about the specific data held in the compromised systems and to give them advice on the additional support services available to them.
The airline said the database stored approximately four million passengers’ names and email addresses, with 2.8 million of those records also including people’s frequent-flyer numbers. The other 1.7 million compromised records included some combination of date of birth, phone numbers, gender and meal preferences.
Qantas officials reiterated their assurance that the hackers did not access any credit card numbers, passport data, or other sensitive personal or financial information. There is also no evidence that the intruders have leaked any of the stolen data online.
The airline is warning passengers to beware of any calls or messages from people claiming to represent Qantas, as they are likely fraudulent.
Qantas said it has taken several steps to enhance its own internal security to prevent a similar attack from happening again.
The airline disclosed the breach earlier this month amid a widening attack spree linked to the Scattered Spider cybercrime group.
However, it is possible that Scattered Spider was not directly responsible for the attack. Security researchers said it might instead have been the work of affiliated threat groups engaged in similar social-engineering attacks.
Researchers at Mandiant said in June that a threat group dubbed UNC6040 has been targeting Salesforce instances to launch social-engineering attacks and engage in extortion. This group overlaps with The Com, the underground collective with ties to Scattered Spider. Salesforce first warned about these attacks in March.
Qantas has not publicly attributed the attack to any threat actor.
