Qantas customer data put on dark web as hackers deliver on threat

Hackers have released personal data of 5.7 million Qantas customers on the dark web, making good on their promise to publish the information stolen from the airline’s system this year.

Qantas is one of 40 companies (including Toyota, Disney, Ikea, Air France and KLM) compromised by hacker collective Scattered Lapsus$ Hunters, which stole almost 1 billion records by targeting customers of cloud technology giant Salesforce in July.

Qantas Airways suffered a data breach in July and the hackers demanded $1 million. Credit: Bloomberg

The hackers did not break into Salesforce’s system. Instead, they called the IT helpdesks of the 40 companies – posing as legitimate employees – and convinced staff to give them access to the systems. In Qantas’ case, a call centre based in the Philippines was reportedly targeted by the hackers.

Having set a deadline of leaking the data over the weekend unless ransoms were paid by either Salesforce or Qantas, the hackers released passenger information on Saturday (Australian time).

The Qantas passenger information released to the dark web includes dates of birth, phone numbers, addresses, emails and frequent flyer numbers. No credit card details, personal financial information or passport details were stolen, and no frequent flyer accounts were compromised.

Both Salesforce and Qantas had consistently maintained that they would not pay the ransom.

Qantas noted that it was “one of a number of companies globally that has had data released by cyber criminals”.

“With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” a company spokesperson said.

In July, Qantas contacted all affected customers regarding types of personal data in the breach.

The airline suggests consumers check qantas.com and/or use its support line on 1800 971 541 or +61 2 8028 0534 for updates and for access to specialist identity protection services.

Qantas has obtained an ongoing NSW Supreme Court injunction that minimises the legal public disclosure of the personal details of the affected customers, including their status as members of Qantas’ loyalty programs. The injunction prevents media, social media and other lawful entities from publishing the sensitive information, even as it is put out on the dark web.

The release occurred despite reports that US and French law enforcement authorities had seized one of the key platforms used by hackers to leak stolen data on the internet.

The authorities took over the domains linked to the BreachForums hacking forum, some 24 hours before the deadline set by the hackers.

However, the subsequent release of the stolen data would indicate that the seizure of the forum had not affected the ability of the hackers to send information out.

Security experts are advising Qantas customers to remain vigilant about use of their information. The airline advises customers to be wary of callers and email senders claiming to be from Qantas. Customers should use two-step authentication on their accounts and monitor evolving threats via the National Anti-Scam Centre’s Scamwatch webpage.

Qantas was contacted for comment. The airline has previously said that it was monitoring the situation with the help of specialist cybersecurity experts and was offering a 24/7 support line and specialist identity protection advice to affected customers.
