NewsBite

Experts reveal the big risk to Qantas customers after the airline’s email update completed

Qantas has completed a mass email delivery to customers caught out by the cyber attack on its data as experts reveal the biggest risk facing the millions affected.

Cyber experts say data gleaned from a Qantas customer service platform is sufficient for social engineering scams targeting those affected, and victims should be on high alert.

Qantas has emphasised that no financial details, passport information, PINs or passwords were accessed in the breach of a database used by its Manila call centre, but that a range of other information was.

This included everything from names, addresses and birthdates to phone numbers, email addresses, frequent flyer numbers, points balances and status tiers.

Details of 5.7 million people were stored on the database, although the amount of information held on each varied slightly.

The data from the cyber attack has not yet surfaced on the dark web, where it could be sold to criminals seeking to exploit the affected customers.

Qantas will not say whether any ransom demand has been received, saying only that a “potential” cyber criminal has made contact.

The Australian Federal Police is investigating, with assistance from Qantas and external specialists.

Senior staff research engineer at Maryland-based cybersecurity firm Tenable, Satnam Narang, said that just because no customer data had been published did not mean the hackers weren’t planning to cash in on the Qantas strike.

“The biggest risk now to customers is social engineering scams,” Mr Narang said.

“With the latest update that phone numbers were also exposed, we would anticipate primarily text or SMS message-based scams sent to affected users that could be more detailed than the typical SMS scams. Direct phone calls may also be used, although that is less common.”

Qantas chief executive Vanessa Hudson.

Hacking group Scattered Spider is considered the most likely culprit behind the Qantas hack, which happened not long after America’s FBI warned that the group was targeting airlines.

Made up of mainly young people from Western countries who learned their craft by finding ways to cheat playing video games, Scattered Spider is also believed responsible for attacks on Hawaiian Airlines and Canada’s WestJet.

The group’s method of operation typically involves the hacker impersonating an airline employee or IT contractor to trick call centres into providing access to a sensitive database.

Once inside, they steal data and deploy ransomware, which can restrict access to systems until a ransom is paid.

Qantas has provided few details of its cyber attack, other than to say it was the result of an “interaction” with the contact centre in Manila, and its systems were now secure.

Mr Narang said Scattered Spider’s motive was financial gain, and victims of the Qantas attack should be alert to potential scams.

“Customers should be very sceptical of incoming SMS messages or phone calls purporting to be from Qantas or other entities, including those in the financial services sector,” he said.

The incident has failed to dent the Qantas share price, which has continued to make modest gains in the two weeks since the cyber attack, climbing to a record-equalling close of $10.87 on Tuesday.

The share price has been one of the few positives for the airline, which suffered a further blow on the weekend when an aerobridge hit an A380 at Sydney Airport.

Damage to a Qantas A380 after an aerobridge struck the engine cowling. Picture: X.

The engine cowling was damaged and the flight to Johannesburg cancelled while repairs were made. An investigation is continuing into the incident, which occurred after the superjumbo was boarded and the aerobridge was being retracted.

Originally published as Experts reveal the big risk to Qantas customers after the airline’s email update completed


Original URL: https://www.adelaidenow.com.au/business/experts-reveal-the-big-risk-to-qantas-customers-after-the-airlines-email-update-completed/news-story/2081f57bbabf38fda788fc7deabac24d