Qantas Confirms Data Breach Affecting Millions of Customers

Australian airline Qantas has reported a significant data breach affecting approximately 5.7 million customers. The airline revealed on Sunday that sensitive customer information stolen during a major cyberattack earlier this year has been leaked online. This breach is part of a broader incident involving multiple organizations, including several high-profile companies.

In July, Qantas disclosed that hackers had targeted one of its customer contact centres, gaining access to a computer system managed by a third-party vendor. The compromised data includes customer names, email addresses, phone numbers, and birthdays. However, Qantas emphasized that credit card details and passport numbers were not stored in the compromised system.

Wider Implications of the Breach

The third-party provider involved is reportedly the software firm Salesforce, which acknowledged last week that it was aware of extortion attempts by cybercriminals. According to AFP, the hackers have also accessed data from various other companies, including Disney, Google, IKEA, Toyota, McDonald’s, and airlines Air France and KLM.

In a statement, Qantas confirmed, “We are one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July.” The airline is working with specialist cybersecurity experts to investigate the scope of the data leak, stating, “We are looking into what data was part of the release.”

To mitigate the situation, Qantas has secured a legal injunction from the Supreme Court of New South Wales. This injunction aims to prevent unauthorized access, viewing, release, use, transmission, or publication of the stolen data.

Cybercriminals Behind the Attack

Cybersecurity analysts have linked the breach to a group known as Scattered Lapsus$ Hunters. Research group Unit 42 indicated that the group had claimed responsibility for attacks targeting Salesforce systems as part of a coordinated effort to steal data and demand ransom. Reports suggest that the hackers have set an October 10 deadline for ransom payment.

Further information from the threat intelligence platform FalconFeeds indicated that the stolen customer data was posted on the dark web over the weekend. Other companies, such as Vietnam Airlines, clothing retailer Gap, and Japanese multinational Fujifilm, have also experienced data leaks as part of this incident.

The hackers reportedly employed social engineering techniques, manipulating victims by posing as representatives from trusted companies to gain sensitive information. The ramifications of this breach extend beyond Qantas, raising concerns about data security across multiple sectors.

The incident underscores the growing threat posed by cybercriminals and highlights the importance of robust cybersecurity measures for organizations worldwide. As investigations continue, Qantas and other impacted companies face significant challenges in protecting their customers’ data and restoring trust.