On June 30, Qantas reported a cyber incident at one of its contact centres, which compromised customer data.
“We detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the incident. We can confirm all Qantas systems remain secure,” the airline said in a statement. The airline is investigating the proportion of data that was stolen but expects it to be significant. BBC is reporting that up to six million customer profiles could be affected.
An initial review confirmed customers’ names, email addresses, phone numbers, dates of birth and frequent flyer numbers were compromised. Credit card details, personal financial information and passport details are not held in this system and were not affected. Frequent flyer accounts, passwords, PIN numbers, or log in details were also not accessed.
This incident follows a recent wave of airline cyber security breaches over the last few months.
On June 28, the FBI issued an alert warning of a cybercriminal group known as Scattered Spider targeting the airline sector. The FBI said the group impersonated employees or contractors to deceive IT help desks into granting access to systems. They target large corporations and their IT providers, which means the airline industry could be at risk.
The alert was issued a day after Hawaiian Airlines reported a cybersecurity event that impacted some of its IT systems. The airline did not provide details on which systems were attacked but said flights had not been impacted.
According to Travel Weekly, Canada's WestJet was also affected by a cybersecurity breach last month. The attack affected internal systems as well as its app and website.
In South Africa, SAA had also reported a cyber-breach in May that disrupted access to the airline’s website, mobile app and several internal operational systems. The airline confirmed that customer data was not compromised.
