Qantas Says Stolen Customer Data Leaked Online
The Australian flag carrier was targeted by hackers in July.
Australian flag carrier Qantas said Sunday that customer data stolen in a July cyberattack has been leaked online.
In a statement, the airline said cybercriminals stole 5.7 million customer records, most of which were limited to a customer’s name, email address, and frequent flyer details.
A smaller number of customers also had their business or home address, date of birth, gender, and phone number exposed.
No credit card details, personal financial information, or passport details were affected, Qantas said, and passwords, PINs, and login details were not accessed or compromised.
The data that was stolen is not enough to gain access to frequent flyer accounts, according to airline officials.
Customers whose data was stolen were notified back in July when the breach took place. The hackers are believed to have gained access to the records through a third-party platform.
Qantas did not say how many of the 5.7 million stolen records were leaked, or how it became aware that customers’ information is now circulating online.
The carrier said it has an ongoing injunction, granted by the Supreme Court of New South Wales, to prevent the stolen data from being viewed, used, transmitted, or published by anyone, but Troy Hunt, a cybersecurity expert in Australia, told The New York Times this week that the order essentially amounts to asking the hackers not to publish the records. Australian courts have no way of enforcing the injunction, he added.
Qantas is continuing to work with law enforcement agencies, including the Australian Cyber Security Centre and the Australian Federal Police, to investigate the breach.
Australian police have not publicly identified the cybercriminal group that attacked Qantas, but earlier this year, the FBI warned that international hacker collective Scattered Spider is increasingly targeting the airline industry, making the organization a likely suspect. The group’s members operate from the U.S., Canada, and the U.K.
