Qantas says suspected cybercriminal has made contact
Qantas has been approached by what it labelled a “potential” cybercriminal, a week after hackers stole data on up to six million customers.
The airline said, in a statement on Monday after market close, that “a potential cybercriminal has made contact” but it would not disclose if a ransom is being sought. Qantas would also not disclose if a monetary sum was mentioned.
CEO Vanessa Hudson said Qantas is treating the cyber hack “incredibly seriously.”
“As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the detail of the contact,” a Qantas spokesman said.
Qantas is currently working with cybersecurity experts “to validate” the authenticity of the communication.
“There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor,” the airline said.
Last week, Qantas detected unusual activity on a “third-party platform” used by the airline’s contact centre in Manila, prompting an investigation. The airline disclosed the breach, thought to be the work of a criminal cybergang called Scattered Spider, last Wednesday.
The Qantas data breach follows high-profile cyberattacks on Optus in 2022, when hackers gained access to names, phone numbers and driver's licences of the telco giant’s customers.
The Optus attack was followed by a ransomware gang breaching Medibank Private, when criminals began posting private customer data online to coerce the health insurer into paying the ransom.
In a statement to the ASX on Wednesday, Qantas said the stolen data included customer names, email addresses, phone numbers and birthdates, as well as frequent flyer numbers.
No credit card details, personal financial information or passport details were held on the hacked platform, and no frequent flyer accounts were compromised, Qantas said, adding that the breach had been “contained”.
Nevertheless, Qantas warned customers to remain “alert for unusual communications claiming to be from Qantas.”
The cybergang thought to be behind the incident sometimes works with ransomware gangs, which approach the targeted companies, demanding money in exchange for keeping company data private.
Qantas maintains call centres in Manila; Auckland, New Zealand; Johannesburg, South Africa; and Hobart. The incident is a test of Hudson’s leadership, as she seeks to rebuild Qantas’ reputation following a series of crises under former CEO Alan Joyce, who stepped down in 2023.
“We’re going to review everything as a part of understanding what happened, why it happened, and we will take action and learnings from that,” Hudson said on Friday.
Hudson said in a statement the investigation into the incident “is progressing well, with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed.”
One Australia-based cybersecurity professional said it was “unusual” six million customer records were taken “and a ransom hasn’t been demanded”.
“I’ve not noticed anything on the dark web in terms of data, as well, which again is unusual,” he said.