'I dropped everything': Qantas boss clears the air on cyberattack

It wasn't quite the same drama Kiefer Sutherland's fictional character, Jack Bauer, endures in the TV series 24, but Qantas boss Vanessa Hudson has just had her own little adventure tackling cybercriminals.
Ten days ago, while holidaying with her family in Greece, Hudson received the call from a senior executive holding down the fort in Australia. It was an early morning call for Hudson, and the news was grim.
Qantas' system had been breached by cybercriminals. It was the first crisis under Hudson's watch, and her holiday was over as round-the-clock management of the crisis kicked in.
The data breach was bad enough, but how Qantas would handle the situation was a key object of interest for customers, the media, the government and the airline's board. To say nothing of the elites – from the likes of the prime minister to the chairman of BHP – given some members of the Chairman's Lounge had their details stolen.
A response team was quickly assembled, with members from the IT, Frequent Flyers, communications and government relations divisions all pitching in. For the next 72 hours, Hudson held a series of meetings with the response team, the board and the government, including the federal Transport Minister, Catherine King.
'As soon as I was contacted I dropped everything, this was 100 per cent of my focus – responding to the team,' Hudson said.
In the early hours of the drama, what had been stolen and how many and which customers had fallen victim wasn't known. She said that in the first 24 hours, the first and most immediate task was to secure the system and lock out the cybercriminals.
Once done, the next task was to assess what information was contained in the breached system and which customers were affected.
From the Qantas customer management perspective, it was equally important to find out what information wasn't compromised. Luckily, hackers had stolen no passport or credit card details, but addresses, phone numbers and frequent flyer numbers of millions of customers were now in a criminal database.

Related Articles

Qantas hack will haunt affected customers for a long time, experts warn

Sydney Morning Herald, 2 days ago

Qantas customers caught up in the data breach are under increased risk, with experts warning that the information stolen from the airline could be used to target accounts they hold at other high-profile brands.
The airline on Wednesday said that 5.7 million customers had their information accessed by hackers last week, including information on frequent flyer accounts (including membership tier status: bronze, silver, gold, platinum or Chairman's Lounge), addresses and even the food preferences of thousands of travellers.
US-based cybersecurity company Arkose Labs' chief executive Kevin Gosschalk told this masthead the stolen information could potentially be used to break into accounts the affected Qantas customers have with retail, grocery and luxury brands.
'It's not about targeting Qantas, it's about how else can scammers now go and scam the information and the individuals who had their information,' said Brisbane-born Gosschalk. 'It's going to be a problem for customers for many years to come.'
With the Qantas data now out in the wild, criminals 'have a very clean, very targeted list they can go use to try and compromise other industry and other company accounts in Australia', warned Gosschalk.
Gosschalk, whose company counts aviation companies and large corporations as clients, added the stolen membership status data would be especially lucrative for hackers, allowing them to home in on more high-end accounts. 'That is a hyper-targeted list for a scammer to go and try to compromise a multimillionaire's accounts. That data is way more useful targeting the victims, than targeting the airlines.'

Qantas hack includes Chairman's Lounge membership data

Sydney Morning Herald, 2 days ago

The new detail about the data breach was contained in the broader release of information on the scale of last week's hack of Qantas customer data. About 4 million of the 5.7 million records were limited to name, email address and Qantas frequent flyer details only, the airline said, but a smaller, unspecified, subset had 'points balance and status credits included'. Within the 4 million figure, 1.2 million customer records contained only their name and email address.
The data exposed from around 1.7 million Qantas travellers contained a combination of their address (1.3 million), date of birth (1.1 million), phone number (900,000) and gender (400,000), and some – about 10,000 – even had their meal preferences hacked.
A week after the incursion into its database, Qantas said the airline could 'reconfirm' that no credit card details, personal financial information or passport details were stored in the system affected 'and therefore have not been accessed'.
'There continues to be no impact to Qantas frequent flyer accounts. Passwords, PINs and login details were not accessed or compromised. The data that was compromised is not enough to gain access to these frequent flyer accounts,' Qantas said in a statement.
Last week, after detecting unauthorised activity on a 'third-party platform' used by the airline's contact centre in Manila, the airline called in cyber investigators and began notifying members. On Monday, Qantas said that 'a potential cybercriminal has made contact' with the airline.
Hacked data is often used for further digital fraud. Rob Dooley, vice president of cybersecurity company Rapid7, notes that stolen information on its own is 'relatively innocuous'.
'It's when you correlate it with other data such as passwords matching those credentials from other breaches that it becomes valuable.
'It was connecting email addresses used as usernames and hoping those users didn't have two-factor authentication and had not changed their passwords,' said Dooley.
This tactic was used in recent attacks on Australian superannuation funds, such as Australian Retirement Trust, AustralianSuper, HostPlus and Insignia Financial. Qantas claims 17 million frequent flyer members globally.
The Qantas data breach also follows cyberattacks on Optus and Medibank Private in 2022. The criminals who breached Medibank Private began posting customer data online to coerce the health insurer into paying a ransom.
Qantas CEO Vanessa Hudson said the airline had purged data in the aftermath of the damaging hacks of Optus and Medibank in 2022.
'The data we were deleting was more personal identity data that has been historically held in our system, such as passport details and also other relevant identity data.
'That has been an action that we took as a result of the Optus and the Medibank cyberattack,' Hudson said, without detailing the volume of data.
Hudson said it was too early to discuss compensation for affected Qantas travellers, as the company was focusing on updating them about the breach.
'By far the majority of customers have said 'the next piece of information that I want from Qantas is the specific details of my data that was breached', which is what we're doing today,' she said.
As Hudson spoke, Qantas sent personalised emails to customers detailing what data was breached. 'Our cybersecurity teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed,' one email read, outlining that the customer's name, email address and tier of frequent flyer status had been breached.
Hudson would not reveal anything about the cybercriminals behind the hack, saying it would be unhelpful to speculate. She referred questions to the Australian Federal Police.
The AFP confirmed it was investigating the incident following a request from Qantas. 'Investigators are working closely with the airline and further comment will be provided at an appropriate time,' a spokesperson said. It is understood that the Australian Signals Directorate is also assisting in the response.
Qantas urged customers to 'remain alert, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas'.