More Qantas customers come forward about frequent flyer information scandal
‘Rogue’ staff at an Indian ground-handling company may have accessed the passport details of about 1000 Qantas frequent flyer customers caught up in a cyber theft incident.
Qantas has confirmed that the near 1000 customers who were caught up in a cyber theft involving workers at an Indian ground-handling company may have had their passport numbers accessed.
As revealed by The Australian, Qantas customers had frequent flyer points stolen by two people who worked for India SATS, a joint venture between India’s main airline and SATS, Singapore’s biggest ground handling company.
“As part of the access they had to do their job, they may have had access to some customers’ passport details,” a Qantas spokesperson said.
“There’s no evidence this has been used in any way.”
The IT scandal came to light only after one Qantas customer in Sydney complained to this writer that her account had been hacked and the airline had failed to take responsibility for the breach. Since that story was published, other Qantas customers have alerted this paper that the same thing happened to them.
None have received any information from the airline.
The customers who had their names and frequent flyer numbers stolen were not flying to India and had booked directly with the airline flying on Qantas flights.
There is talk the breach may involve other carriers within the 15 airline Oneworld alliance.
Oneworld was contacted on Thursday about the breach but is still to respond.
British Airways, Malaysian Airlines and Royal Air Maroc have been specifically mentioned, as has non-Oneworld carrier Air Mauritius.
It is now known the two India-based employees used Qantas customers’ names and booking references to change their frequent flyer numbers.
The matter has been referred to Indian police authorities. It is not known whether they will investigate if passport details had been on-sold by alleged thieves.
Qantas said the cyber theft was not a hack of its systems and not in breach of the Privacy Act.
“This was not a cyber hack or data theft, but a case of two rogue employees of one of our suppliers abusing their position to fraudulently steal frequent flyer points,” the spokesman said. “We are not aware of any current bookings impacted. The police investigation is ongoing.”
In what’s likely to be a separate incident, Virgin Australia customers flying to the US on a codeshare flight with United Airlines in July also had false Velocity frequent flyer numbers added to their bookings.
It is unclear whether this was a one-off event.
Qantas uses India SATS as its ground handler in India. As a result, its staff have access to all of the airline’s flight bookings.
The alleged thieves used booking reference numbers and customer names to steal points. Other personal data including passport details and date of birth would have been available on the Amadeus booking system.
The cyber fraud is bad news for Qantas as it pours money into improving customer relations after two years of being our most complained-about airline.
Customers who contacted this paper said they were yet to receive a straight answer from Qantas about how their points were stolen, what kind of private information could have been stolen, or any apology.
More Coverage
BHP lifeline as nickel smelter shutdown culls WA mining jobs
BHP has offered new jobs to about 800 workers affected by the shutdown of its nickel operations but hundreds have chosen redundancy amid a major commodity downturn.
Mid-East tensions loom large over sharemarket
The ASX is poised for a cautious start to the week as traders fret about the prospect of a broad Middle East conflict.