Qantas Data Breach: Millions Affected by Third-Party Contact Centre Cyber Incident

Qantas Airways, Australia’s flagship carrier, has confirmed a cybersecurity breach impacting customer data through a third-party contact centre platform, raising concerns for millions of frequent flyers. Although the airline’s core operations remain unaffected, the breach may have exposed sensitive personal information of up to 6 million customers.

“We understand this will be concerning for customers,” Qantas stated in its official release. “We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available.”

On Monday, Qantas detected unusual activity on a third-party platform used by one of its contact centres. The platform, not part of Qantas’ internal IT infrastructure, was promptly isolated to contain the threat.

“The incident occurred when a cyber criminal targeted a call centre and gained access to a third party customer servicing platform,” the airline confirmed. “We can confirm all Qantas systems remain secure.”

Despite fast response actions, the incident potentially compromised a significant amount of customer data stored in the affected system.

While the full extent of the breach is still under investigation, initial findings indicate that the exposed data may include:

• Full names
• Email addresses
• Phone numbers
• Birthdates
• Frequent flyer numbers

Importantly, no credit card information, financial details, passport numbers, passwords, PINs or login credentials were compromised, according to Qantas.

“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers… No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.”

Qantas has initiated a multi-agency response involving:

• The Australian Cyber Security Centre (ACSC)
• The Office of the Australian Information Commissioner (OAIC)
• The Australian Federal Police (AFP)
• The National Cyber Security Coordinator
• Independent cybersecurity experts

“While we conduct the investigation, we are putting additional security measures in place to further restrict access and strengthen system monitoring and detection,” Qantas said.

The airline has also launched a dedicated customer support line and webpage to assist affected individuals and share updates.

Related Posts:

• Global Centre for Cybersecurity was formally established
• Ransomware: The Latest High-Tech Crime Wave and the Industries It Affects
• Canadian Organizations Targeted by Chinese State-Sponsored Scanning
• Chinese hackers attack Australian national universities, threatening national security