In a troubling development, Qantas has reported that it is currently the target of an extortion attempt following a significant cyberattack that may have compromised the personal data of approximately 6 million customers. This alarming situation came to light when Qantas confirmed that a potential cybercriminal has reached out, prompting the airline to initiate validation procedures.
In an official statement, Qantas noted, “Given the nature of this criminal event, we have involved the Australian Federal Police and will refrain from disclosing further specifics about the extortion.” This aligns with industry standards of caution when navigating such sensitive matters, particularly in the face of ongoing threats.
On July 1, Qantas disclosed the cyberattack, revealing that it had detected unusual activity within a third-party system associated with one of its contact centers the previous day. The breach reportedly led to the exposure of customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. crucially, Qantas affirmed that sensitive financial information, such as credit card details, was not compromised.
In light of the incident, the airline has issued a warning to customers about potential scams and phishing attempts leveraging the stolen data. Qantas has made it clear that all legitimate communications will originate from the qantas.com domain and will never solicit sensitive customer information via phone, text, or email.
The incident is part of a broader pattern of attacks targeting the aviation sector by cyber threat actors linked to the group known as Scattered Spider. This group has demonstrated expertise in social engineering tactics that facilitate initial access to corporate networks, often by manipulating help desks or support vendors into resetting employee passwords and multi-factor authentication (MFA) settings.
Their activities shifted from attacking the retail sector earlier this year, with notable breaches affecting major companies such as Marks & Spencer and Co-op, to recently include insurance firms and, most significantly, the aviation industry. Attacks have also been reported against airlines like WestJet and Hawaiian Airlines.
Qantas is actively cooperating with cybersecurity experts alongside various governmental bodies, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, to investigate the breach thoroughly. The use of adversarial tactics such as initial access and social engineering is likely a focal point in understanding how the breach occurred.
The potential implications for Qantas and its customers underline the critical importance of robust cybersecurity measures. As the investigation unfolds, business owners are urged to remain vigilant against similar threats and to prioritize the security of their networks and customer data. BleepingComputer has reached out to Qantas for further insights into the ongoing extortion efforts and will provide updates as information becomes available.
