Qantas Airways Targeted in Major Data Breach Exposing the Details of 6 Million Customers

• Qantas Airways was affected by a security incident that exposed the personal information of six million customers.
• The cyber incident involved a breach of a third-party customer service platform.
• The leaked sensitive details include names, email addresses, phone numbers, and birth dates.

Australia's flagship carrier, Qantas Airways, recently disclosed a significant cyber incident involving a breach of a third-party customer service platform. The cyberattack targeted a call center platform used by Qantas.

The security breach compromised the personal data of approximately six million customers. Exposed information includes names, email addresses, phone numbers, birth dates, and frequent flyer membership numbers.  

Yet, PINs, passwords, and login credentials were reportedly not affected, Reuters mentions in a recent report.  

Qantas said it identified unusual activity on the platform and acted swiftly to contain the incident. The airline has since involved multiple agencies, including the Australian Cyber Security Centre and the Federal Police, to investigate the attack and assess the scale of the breach.  

The breach comes amid heightened concerns about cybersecurity threats in the aviation sector. Recently, the FBI issued a warning regarding cybercriminal groups targeting airlines, emphasizing the tactics used by entities like the Scattered Spider group. 

Known for leveraging social engineering techniques to impersonate IT staff, the threat actor has reportedly prompted breaches in other airlines, such as Hawaiian Airlines and Canada’s WestJet. 

Charles Carmakal, Chief Technology Officer of cybersecurity firm Mandiant, said it was too soon to attribute this breach to Scattered Spider.

This event marks one of the most severe data breaches to strike the airline in years, raising fresh concerns about cybersecurity within the aviation industry.