A cyber hacker broke into a database containing the personal infor
mation of millions of customers, Qantas said, in Australia’s biggest bre
ach in years and a setback for an airline rebuilding trust after a reputational crisis.
The hacker targeted a call center and gained access to a third-party
customer service platform containing six million names, email address
es, phone numbers, birth dates and frequent flyer numbers, Qantas said in a statement on Wednesday.
The airline did not specify the location of the call center or customer
s whose information was compromised. It said it learnt of the breach after detecting unusual activity on the platfor
m and acted immediately to contain it.
Read more: Australia Is Inadvertently Inviting Cyber Crimewave, Data Theft Victim Service Warns
“We are continuing to investigate the proportion of the data that h
as been stolen, though we expect it will be significant,” Qantas said, reporting no impact on operations or safety.
Watch More Image Part 2 >>>
Last week, the U.S. Federal Bureau of Investigation said cybercrime group Scattered Spider was targetin
g airlines and that Hawaiian Airlines and Canada’s WestJet had already reported breaches. Qantas did not name any group.
“What makes this trend particularly alarming is its scale and coordination, with fresh reports that Qantas is the latest victim” of a hack, said Mark Thomas, Australia direc
tor of security services for cyber security firm Arctic Wolf.
Scattered Spider hackers are known to impersonate a com
s and “it is plausible they are executing a similar playbook,” Thomas said.
Charles Carmakal, chief technology officer of Alphabet-owned GOOGL.O cybersecurity firm Mandiant, said it was too soon to say if Scattered Spider was responsible but “global airline organizations should be on high alert of social engineering attacks.”
Qantas’ share price was down 2.4% in afternoon trading against an overall market that was up 0.8%.