According to a new tab, Qantas (QAN.AX) suffered a setback in restoring trust following a reputational disaster when a cyber hacker gained access to a database that contained the personal information of millions of consumers. This was Australia’s largest breach in recent memory.
According to a statement released by Qantas on Wednesday, the hacker targeted a call center and obtained access to a third-party customer care network that had six million names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
The call center’s location and the consumers whose information was compromised were not disclosed by the airline. It claimed to have discovered the breach after seeing odd activity on the platform and to have taken prompt action to stop it.
Qantas stated, “We are continuing to investigate the proportion of data that has been stolen, though we expect it will be significant,” with no mention of any effects on safety or operations.
The U.S. Federal Bureau of Investigation warned last week that the cybercrime group Scattered Spider was targeting airlines, and that breaches had already been reported by Canadian company WestJet and Hawaiian Airlines (HAII.UL). No group was named by Qantas.
“The scope and coordination of this trend are particularly concerning, as there have been recent reports that Qantas is the most recent victim of a hack,” stated Mark Thomas, director of security services for Australia at the cybersecurity company Arctic Wolf.
Thomas stated that “it is plausible they are executing a similar playbook” because Scattered Spider hackers have a history of posing as a company’s IT professionals in order to obtain employee passwords.
Although it is too soon to determine whether Scattered Spider was to blame, Charles Carmakal, chief technical officer of Alphabet-owned (GOOGL.O) cybersecurity firm Mandiant, stated that “global airline organizations should be on high alert of social engineering attacks.”
While the market as a whole was up 0.8% in afternoon trade, Qantas’ share price was down 2.4%.
NOTICED ATTENTION
The breach is the most well-known in Australia since those involving health insurance giant Medibank (MPL.AX) and telecom network operator Optus in 2022 spurred cyber resilience regulations that require mandatory reporting of events and compliance.
After its activities during and after the COVID-19 epidemic caused it to fall in the airline and brand league tables, it draws unwanted attention to Qantas, which is working to regain the trust of the people.
While receiving government stimulus grants during the 2020 border closure, Qantas was discovered to have unlawfully fired hundreds of ground personnel. Additionally, it acknowledged selling thousands of tickets for flights that had already been canceled.
Opposition MPs criticized the airline for allegedly lobbying the federal government in 2022 to deny Qatar Airways’ bid to offer additional flights. Qantas denied exerting pressure on the government, which ultimately turned down the proposal. The consumer regulator claimed that this action harmed pricing competition.
According to reputation metrics, Vanessa Hudson, the CEO of Qantas, has raised the airline’s profile since taking office in 2023.
Regarding the data leak, Hudson stated, “We recognise the uncertainty this will cause.” “Our customers trust us with their personal information, and we take that responsibility seriously.”
According to Qantas, the Australian Federal Police, the Office of the Australian Information Commissioner, and the Australian Cyber Security Centre were informed.
AFP just stated that it was aware of the situation, while ACSC declined to comment. Commentary from the OAIC was not immediately available.
According to the airline, the hacker did not obtain customer passwords, PINs, log-in information, or frequent flyer accounts.
