Qantas Airways has confirmed that customer data compromised in a July cyber breach has been released online by cybercriminals. This incident marks a significant escalation in the frequency and severity of cyberattacks targeting businesses across various sectors.

In July, Qantas disclosed that over a million customers had their sensitive information, including phone numbers, birth dates, and residential addresses, exposed during one of Australia’s most significant cyber incidents in recent years. The personal details of another four million customers were also compromised, though for that group the exposure was limited to names and email addresses.
This breach underscores a troubling trend in cybersecurity, following high-profile incidents involving Optus and Medibank in 2022, which catalyzed the introduction of mandatory cyber resilience laws in Australia. The Qantas incident has further illustrated the vulnerability of personal data and the substantial risks posed by cybercriminal activity.
In a recent statement, Qantas described the incident as part of a broader global issue, noting that it is one of several organizations impacted by the release of data following the breach. The airline confirmed that the customer information was stolen via a third-party platform, which is widely reported to be Salesforce. Reports indicate that the attackers employed social engineering tactics to gain unauthorized access to the system.
Qantas has engaged cybersecurity experts to investigate the specifics of the data exposure and to ensure that stringent measures are in place to restrict misuse of the stolen information. The airline stated that it has secured an ongoing injunction to prevent the data from being accessed, viewed, shared, or used by any party, including third-party organizations.
The hacker collective Scattered Lapsus$ Hunters has taken responsibility for the release of Qantas’s data, asserting that the information was disclosed after a ransom deadline set by the group lapsed. This incident serves as a stark reminder of the evolving tactics used by adversaries in the cyber landscape.
Viewed through the lens of the MITRE ATT&CK framework, the breach as reported appears to map to two tactics: Initial Access, achieved through social engineering, and Exfiltration of the customer data. The incident illustrates the vulnerabilities present within third-party platforms and highlights the need for businesses to bolster their cybersecurity defenses against sophisticated attacks.