Prime Highlights
- Qantas hit by mass-scale cyber attack exposing personal information of more than 5.7 million customers.
- Sensitive information such as phone numbers, addresses, and birthdays exposed for over 1 million people.
Key Facts
- No password, passport, or Frequent Flyer login details were leaked.
- Data breach initiated from third-party call center software employed by Qantas.
Key Background
“Qantas data breach” has been Australia’s most vexing cyber intrusion in the last few years. The airline determined that a cyber intrusion exposed 5.7 million customer records through a third-party platform that had been adopted by a Manila call centre operation. While the vast majority of records that were compromised contained only low-order identifiers—i.e., names, email addresses, and Frequent Flyer numbers—about 1.7 million customers also had further sensitive information exposed.
Of especial note, 1.3 million consumers’ home addresses were disclosed, 1.1 million had their dates of birth disclosed, and roughly 900,000 saw their phone numbers divulged. While of serious concern, Qantas assured consumers that no money details, passport numbers, or Frequent Flyer PINs and passwords were divulged.
Qantas authorities initiated an investigation in collaboration with the Australian Federal Police and Australian Cyber Security Centre. Cyber-security specialists have been hired to help, and additional security protocols have been hastily instituted on all internet-based platforms. These include increased checks on identities, fraud monitoring, and assistance to those affected.
Impacted customers of 15 years and older are being contacted personally by email and on the Qantas Frequent Flyer site. Customers will be able to see the unique data points used in their own personal case. An additional support hotline has been activated and is 24/7 available for addressing concerns.
This follows increased public awareness after a spate of recent high-profile cyberattacks on organizations such as Optus and Medibank. It has led to renewed demands for businesses to increase cybersecurity infrastructure and better third-party risk management. Qantas has warned all of its customers to be on the lookout for phishing attempts and employ two-factor authentication and robust email passwords as safeguards.
