Update on Qantas frequent flyers data hack
The airline said in a statement late on Monday that 'a potential cybercriminal has made contact' but it would not disclose if a ransom was being sought.
'As this is a criminal matter, we have engaged the Australian Federal Police and won't be commenting any further on the detail of the contact,' a Qantas spokesman said.
Qantas said it was working with cybersecurity experts 'to validate' the authenticity of the communication.
'There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor,' the airline said.
The airline confirmed last Wednesday that a cyber attack occurred in one of its Filipino call centres, and customers' names, dates of birth, emails, and frequent flyer numbers were stolen.
Other personal information such as credit card, passport, and financial details were not stored in those centres, Qantas has said.
In an update on Friday, the Australian Federal Police said Qantas had been 'highly engaged' with the authorities investigating the breach.
More to come
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
TechCrunch
26 minutes ago
- TechCrunch
US government confirms arrest of Chinese national accused of stealing COVID research and mass-hacking email servers
In Brief The U.S. Justice Department has confirmed the arrest of Chinese national Xu Zewei, an alleged prolific contract hacker who carried out cyberattacks for China. Xu was arrested in Italy at the request of U.S. prosecutors. Xu and another Chinese national Zhang Yu, who remains at large, are accused in a nine-charge indictment of 'hacking and stealing crucial COVID-19 research' from U.S. universities during February 2020. The DOJ said Xu worked for a company called Shanghai Powerock Network, which conducted hacking operations for the Chinese government. The alleged hackers are also accused of the mass hacks of Microsoft Exchange servers beginning in March 2021. The hackers, publicly referred to as a group called Hafnium, broke into more than 60,000 self-hosted Exchange servers run by mostly small businesses across the United States, allowing the theft of private company mailboxes and address books. Hafnium has since launched a new hacking campaign, dubbed Silk Typhoon, which researchers say is known for hacking into big companies and government agencies.
Bloomberg
29 minutes ago
- Bloomberg
US Sanctions Target North Korean Fake-Tech-Worker Scheme
The US slapped sanctions on individuals and companies linked to a scheme that involves recruiting North Koreans to pose as American tech workers and help fund Kim Jong Un's regime. The Treasury Department's Office of Foreign Assets Control imposed penalties on a 'malicious cyber actor' named Song Kum Hyok, who's accused of having ties with a hacking group linked to Pyongyang, as well as another individual and four companies based in Russia and North Korea.
CNN
39 minutes ago
- CNN
US seeks extradition of Chinese man held in Italy accused of hacking to steal Covid-19 vaccine research
Italian authorities have arrested a Chinese man accused by US prosecutors of being part of a hacking team that stole coveted US research into a coronavirus vaccine on behalf of Chinese intelligence. At the height of the pandemic in early 2020, Xu Zewei worked at the behest of China's Ministry of State Security, to target US-based universities, virologists and immunologists doing research on Covid-19 vaccines, treatment and testing, according to an indictment unsealed Tuesday in the US District Court for the Southern District of Texas. The indictment accuses another person, Zhang Yu, of participating in the activity. Zhang is believed to be in China, a Justice Department spokesperson said. Xu, 33, was detained at the Malpensa Airport northwest of Milan on July 3 and then taken to a nearby prison ahead of his court appearance, according to statements to CNN from Italian authorities. He made his initial court appearance in Milan on Tuesday as the US Justice Department begins to try to extradite Xu to the US District of South Texas, where he faces wire fraud, identity theft and hacking-related charges. The arrest is a major breakthrough for the FBI, which hunts hackers accused of working for foreign spies but rarely gets one from China into custody. 'He is one of the first hackers linked to Chinese intelligence services to be captured by the FBI,' the FBI's Houston field office posted on X. In court on Tuesday, Xu said he 'has nothing to do with this case,' his lawyer, Enrico Giarda, told reporters. 'He described himself as an IT manager at a company in Shanghai and essentially stated that he has no reason to commit the criminal acts he is being accused of,' said Giarda, adding that he was still waiting to review documents 'and understand exactly how the FBI identified him.' The arrest sets up an extradition battle that could put pressure on the Italian government, which has sought to court US President Donald Trump while also maintaining good relations with China, a significant trading partner. The indictment did not name any of the universities allegedly targeted by Xu and Zhang, but in a statement to CNN, the University of Texas Medical Branch in Galveston confirmed it was one of them. The university conducted extensive Covid-related research, including a study of the effectiveness of vaccines against emerging strains of the virus. 'The University of Texas Medical Branch is grateful to the FBI and all involved law enforcement agencies for their diligence in pursuing this investigation,' the statement said while declining further comment, citing an ongoing investigation. Liu Pengyu, spokesperson for the Chinese Embassy in Washington, DC, said he was unaware of Xu's case but that 'similar rumors have surfaced multiple times in the past, and China has already stated its position on the matter.' Chinese vaccine research and development, Liu said in an email, 'is among the most advanced in the world. China has neither the need nor the intention to acquire vaccines through so-called theft.' When the coronavirus went global in 2020, intelligence services around the world scrambled to gather information on the impacts of the virus, according to private experts and Western government officials. In some cases, that allegedly meant using hackers to target research centers developing a vaccine. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) singled out China in a May 2020 public advisory. 'The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors,' the advisory said, using an acronym for the Chinese government. Those China-linked actors 'have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing' from computer networks holding Covid-related data, the FBI and CISA said then. Teddy Nemeroff, a former senior cyber official at the State Department, said the five years between that advisory and Xu's arrest show the painstaking work that goes into efforts to track down hackers who target valuable US institutions. 'These types of arrests send an important message to cyber criminals who think they can operate with impunity from permissive jurisdictions,' Nemeroff told CNN. 'Even five years after they targeted Covid vaccine research, US law enforcement caught up with him. Such arrests are only possible with cooperation from strong law enforcement partners like Italy, who are willing to put themselves in potentially uncomfortable diplomatic positions with countries like China.' The FBI has said that China has a bigger hacking program than all other foreign governments combined, making it challenge to match Beijing's pace in intelligence-gathering. Xu's arrest 'probably isn't going to have any immediate, practical effect,' John Hultquist, chief analyst at Google's Threat Intelligence Group, told CNN. 'It may cause someone to think twice before getting involved in this because you won't be able to take a vacation.'
