Millions affected in massive Qantas security breach
Australia's national airline, Qantas, has reported a massive security breach that may have compromised the personal data of millions of its customers. While the official number is still under investigation, the leak could affect more than six million of its passengers.
According to Reuters, the hackers managed to hack into a third-party customer service platform. The data stolen included full names, phone numbers, addresses, dates of birth, and frequent flyer numbers.
Qantas, through a press release, confirmed that credit card numbers, financial information, and passports were not present in this system and remain uncompromised. It also confirmed that frequent flyer account passwords, PINs, or login details are not part of the data stolen in the breach.
The airline wrote it detected unusual activity on the third-party platform on Monday and took immediate steps to contain the system. It also confirmed that the rest of its systems remained secure.
"There are 6 million customers that have service records in this platform," the airline said. "We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant."
Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. The Australian Federal Police have also taken up the case. The airline is now contacting customers affected by the breach to provide details and support.
While Qantas said a "cyber criminal" was behind the attack, it refrained from naming the group or personnel involved pending a full investigation.
According to Reuters, the U.S. Federal Bureau of Investigation reported last week that a hacking group, Scattered Spider, was targeting airlines. Hawaiian Airlines and Canada's WestJet have also reported breaches.
