Qantas reveals the massive extent of the data stolen in last week's cyber attack with about 1.3 million addresses leaked
Qantas on Wednesday released an update after the airline confirmed last week that many pieces of critical information were stolen.
While the carrier said no credit card details, personal financial information or passport details were accessed, some personal information was leaked in the attack.
The airline said 1.3 million addresses, which includes residential and business addresses alongside hotels for misplaced baggage delivery, were taken in the breach.
The date of births for 1.1 million customers, alongside 900,000 phone numbers, the genders of 400,000 and the meal preferences of 10,000 were also leaked.
At least 1.2 million customers' names and email addresses were taken, while another 2.8 million customers' name, email address and Qantas Frequent Flyer number were stolen.
The majority of these had their tier list included while a smaller group had their points balance and status credit included.
Qantas CEO Vanessa Hudson said the carrier is reaching out to impacted customers to alert them about the specific information that was leaked and is increasing security measures.
'Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened," Ms Hudson said
'We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.'
Qantas first detected unusual activity on a third-party platform used by an airline contact centre last Monday.
The airline said it took "immediate steps and contained the system" and assured customers all of the airline's systems remained secure.
An investigation into the cyber incident is ongoing, and additional security measures are also being put in place to "further restrict access and strengthen system monitoring and detection".
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
ABC News
13 hours ago
- ABC News
Qantas boss says hacked data is yet to be released by cyber criminals
The boss of Qantas would not confirm or deny if the company has been asked to pay a ransom, after the airline put the number of customers impacted by last week's cyber attack at 5.7 million.
Sky News AU
14 hours ago
- Sky News AU
'All kinds of downstream attacks': Chilling warning after Qantas cyber attack breaches details of almost six million customers
A cyber security expert has warned data stolen in the cyber attack on Qantas could be used for 'all kinds of downstream attacks'. On Wednesday, Qantas confirmed 5.7 million customer records were impacted by the cyber incident, which resulted in 1.3 million addresses and 900,000 phone numbers being accessed. Customers have since started to receive follow-up emails outlining exactly what pieces of their personal details have been accessed. For some customers, the accessed data includes their name, email address and Qantas Frequent Flyer number. For other flyers, the cyberattack accessed their Qantas tier, points balance and status credits. UNSW cyber security expert Dr Hammond Pearce said people should be most wary of scam calls and phishing attacks when someone calls impersonating someone from a reputable company who appears to have your file open with your details. Dr Pearce said the scammers 'gain your trust' before setting you up for a 'downstream attack goal'. The cyber security expert said a 'healthy degree of skepticism' was vital to avoid such breaches and to verify the person on the other end of the line was who they said they were. Dr Pearce even suggested hanging up on a supposed Qantas call and calling back on the Qantas hotline to provide 'a bit more certainty' you were talking to a legitimate company employee. To counteract any cyberattacks or account hacks using passwords, Dr Pearce strongly suggested multi-factor authentication. 'This is something that we would encourage everyone to be using on every service that supports it,' he said. 'In terms of what you can do ... just have a healthy degree of skepticism when people cold call you.' Dr Pearce said Qantas would have an uphill battle in getting to the root of the attack as cyber-attackers had a wide-ranging arsenal of tricks. ' Cyber attackers have a lot of different tools in their arsenal to hide who they are. It can be quite tricky for (Qantas) to work out who's taken the data, where they've put it - has it been leaked?' he said. 'These are all questions that are notoriously difficult to answer. Yeah, they've got some hard work ahead of them.' Dr Pearce said a ransom situation was 'very difficult' as the circumstances indicated the Qantas data had been copied rather than stolen completely. 'The Australian government recommends never paying any kind of ransom for these kinds of situations because at the end of the day, you're only really going to encourage further cyber-criminal activity by doing so,' he said. The national carrier reassured customers that no credit card details, personal financial information or passport details were stolen. Qantas said there continues to be "no impact" to Qantas Frequent Flyer accounts, including PINs, passwords and login details. "The data that was compromised is not enough to gain access to these Frequent Flyer accounts," the airline said. Qantas Group CEO Vanessa Hudson said Qantas has put in place a "number of additional cyber security measures" to further protect customers data following the incident. "We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police," she said earlier on Wednesday. "I would like to thank the various agencies and the federal government for their continued support." Qantas first detected unusual activity on a third-party platform used by an airline contact centre last Monday.
Sydney Morning Herald
15 hours ago
- Sydney Morning Herald
‘I dropped everything': Qantas boss clears the air on cyberattack
It wasn't quite the same drama Kiefer Sutherland's fictional character, Jack Bauer, endures in the TV series 24, but Qantas boss Vanessa Hudson has just had her own little adventure tackling cybercriminals. Ten days ago, while holidaying with her family in Greece, Hudson received the call from a senior executive holding down the fort in Australia. It was an early morning call for Hudson, and the news was grim. Qantas' system had been breached by cybercriminals. It was the first crisis under Hudson's watch, and her holiday was over as round the clock management of the crisis kicked in. The data breach was bad enough, but how Qantas would handle the situation was a key object of interest for customers, the media, the government and the airline's board. To say nothing of the elites – from the likes of the prime minister to the chairman of BHP – given some members of the Chairman's Lounge had their details stolen. A response team was quickly assembled, with members from the IT, Frequent Flyers, communications and government relations divisions all pitching in. For the next 72 hours, Hudson held a series of meetings with the response team, the board and the government, including the federal Transport Minister, Catherine King. 'As soon as I was contacted I dropped everything, this was 100 per cent of my focus – responding to the team,' Hudson said. In the early hours of the drama, what had been stolen and how many and which customers had fallen victim wasn't known. She said that in the first 24 hours, the first and most immediate task, was to secure the system and lock out the cybercriminals. Once done, the next task was to access what information was contained in the breached system and which customers were affected. From the Qantas customer management perspective it was equally important to find out what information wasn't compromised. Luckily hackers had stolen no passport or credit card details, but addresses, phone numbers and frequent flyer numbers of millions of customers were now in a criminal database.
