The personal data of more than 6 million Qantas customers has been stolen in a cyberattack believed to be part of a co-ordinated attack on airlines globally.
The United States Federal Bureau of Investigation issued a statement this week warning airlines not to pay ransoms to a cybercriminal gang called Scattered Spider, which is thought to be responsible for the attacks.
“The threat from Scattered Spider is ongoing and rapidly evolving,” the FBI said.
Qantas said a cybersecurity incident occurred in one of its contact centres, affecting customer data on Monday, when a gang targeted a call centre and gained access to a third-party customer service platform.
Although Qantas’ operations and safety remain unaffected, the airline said 6 million customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers were taken. The airline said credit card and payment details were stored separately.
Last year, Qantas ruled out a cyberattack after an IT malfunction allowed customers to see and access frequent flyer points of other customers via the airline’s app.
North America’s Hawaiian Airlines and WestJet were both hit by similar attacks in the past two weeks.
It said no frequent flyer PINs or log-in details were stolen, and it was confident no frequent flyer accounts were compromised in the attack.
The airline joins a long list of Australian companies targeted by cybercriminals, including Medibank and Optus. Experts have called for the Australian government to ban the payment of ransoms to deter hackers.
“Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified,” it said.
Chief executive Vanessa Hudson apologised to customers and said Qantas would provide necessary support.
“We are working closely with the federal government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber-security experts,” Hudson said.
The airline is expected to bolster its cybersecurity expertise when it names a replacement for outgoing director Todd Sampson, who is set to leave the company at the end of this month.
bluesix•10h ago
> The airline is expected to bolster its cybersecurity expertise when it names a replacement for outgoing director Todd Sampson, who is set to leave the company at the end of this month.
Weird. Why would they have been delaying a cybersecurity upgrade until after a board member has left? Was Todd preventing/holding up the implementation?
sen•10h ago
The personal data of more than 6 million Qantas customers has been stolen in a cyberattack believed to be part of a co-ordinated attack on airlines globally.
The United States Federal Bureau of Investigation issued a statement this week warning airlines not to pay ransoms to a cybercriminal gang called Scattered Spider, which is thought to be responsible for the attacks.
“The threat from Scattered Spider is ongoing and rapidly evolving,” the FBI said. Qantas said a cybersecurity incident occurred in one of its contact centres, affecting customer data on Monday, when a gang targeted a call centre and gained access to a third-party customer service platform.
Although Qantas’ operations and safety remain unaffected, the airline said 6 million customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers were taken. The airline said credit card and payment details were stored separately. Last year, Qantas ruled out a cyberattack after an IT malfunction allowed customers to see and access frequent flyer points of other customers via the airline’s app. North America’s Hawaiian Airlines and WestJet were both hit by similar attacks in the past two weeks.
It said no frequent flyer PINs or log-in details were stolen, and it was confident no frequent flyer accounts were compromised in the attack.
The airline joins a long list of Australian companies targeted by cybercriminals, including Medibank and Optus. Experts have called for the Australian government to ban the payment of ransoms to deter hackers.
“Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified,” it said.
Chief executive Vanessa Hudson apologised to customers and said Qantas would provide necessary support.
“We are working closely with the federal government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber-security experts,” Hudson said.
The airline is expected to bolster its cybersecurity expertise when it names a replacement for outgoing director Todd Sampson, who is set to leave the company at the end of this month.
bluesix•10h ago
Weird. Why would they have been delaying a cybersecurity upgrade until after a board member has left? Was Todd preventing/holding up the implementation?