Legal risk on Qantas radar as hack victims face scams

The Advertiser

16 hours ago

Airlines are being warned to tighten security after a hack affecting millions of Qantas customers leaves the aviation giant exposed to possible legal action.
The cyber attack targeted a third-party platform used by one of the airline's call centres, exposing the personal details of up to six million customers.
Names, phone numbers, dates of birth and email addresses are among the data believed to be leaked.
Legal experts have suggested the incident could lead to a class action in a repeat of compensation claims lodged following major breaches at Optus and Medibank in 2022.
The hack of sensitive customer details at the health insurer could end up costing it $700 million or more, analysts have said.
The primary wrongdoing was clearly with the hackers, but Qantas could still face secondary liability if it was found to have breached its duties, Monash University associate law professor Michael Duffy said.
"Based on previous class actions that have been taken for data breaches, there is certainly a possibility of action being taken against Qantas," he told AAP.
"This issue of data and privacy breaches is not going to go away."
The exposure of customers' dates of birth was particularly sensitive, Assoc Prof Duffy said.
"While exposure of names and email addresses are a concern, any exposure of dates of birth is more serious because of the potential of wrongdoers to try and use them for nefarious purposes," he said.
Qantas has reassured customers their financial information, passport numbers, credit card details and frequent flyer PINs were not accessed.
It is not the first time an airline has faced a cyber attack, with America's Hawaiian Airlines and WestJet compromised in recent weeks.
Cybersecurity experts warn this might be a sign the aviation industry is being targeted.
"Airlines hold all kinds of sensitive information and cybercriminals are looking to take it," NordVPN chief technology officer Marijus Briedis said.
"The industry needs to implement proactive, multi-layered security approaches that assume breaches will happen and focus on minimising their impact."
There is speculation the hackers responsible for the airline attacks is Scattered Spider, a group of young cyber criminals living in the US and the UK.
Security experts are concerned about the risk of follow-on scams targeting affected customers.
Macquarie University's Dali Kaafar said the release of private details could lead to malicious actors building a more complete profile about individuals, making them more susceptible to other forms of cyber crime.
He warned Qantas customers to change their passwords and access codes to prevent potential hacks.
That was because many people used their date of birth as a PIN, but the information had now been compromised, Professor Kaafar said.
Qantas is investigating the cyber attack and its impacts, urging customers to be on high alert for future scam attempts.
Chief executive Vanessa Hudson confirmed the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.
A customer support line was established to provide customers with the latest information.
Qantas shares were slightly up on Thursday after initially shedding 3.6 per cent following news of the hack.
Airlines are being warned to tighten security after a hack affecting millions of Qantas customers leaves the aviation giant exposed to possible legal action.
The cyber attack targeted a third-party platform used by one of the airline's call centres, exposing the personal details of up to six million customers.
Names, phone numbers, dates of birth and email addresses are among the data believed to be leaked.
Legal experts have suggested the incident could lead to a class action in a repeat of compensation claims lodged following major breaches at Optus and Medibank in 2022.
The hack of sensitive customer details at the health insurer could end up costing it $700 million or more, analysts have said.
The primary wrongdoing was clearly with the hackers, but Qantas could still face secondary liability if it was found to have breached its duties, Monash University associate law professor Michael Duffy said.
"Based on previous class actions that have been taken for data breaches, there is certainly a possibility of action being taken against Qantas," he told AAP.
"This issue of data and privacy breaches is not going to go away."
The exposure of customers' dates of birth was particularly sensitive, Assoc Prof Duffy said.
"While exposure of names and email addresses are a concern, any exposure of dates of birth is more serious because of the potential of wrongdoers to try and use them for nefarious purposes," he said.
Qantas has reassured customers their financial information, passport numbers, credit card details and frequent flyer PINs were not accessed.
It is not the first time an airline has faced a cyber attack, with America's Hawaiian Airlines and WestJet compromised in recent weeks.
Cybersecurity experts warn this might be a sign the aviation industry is being targeted.
"Airlines hold all kinds of sensitive information and cybercriminals are looking to take it," NordVPN chief technology officer Marijus Briedis said.
"The industry needs to implement proactive, multi-layered security approaches that assume breaches will happen and focus on minimising their impact."
There is speculation the hackers responsible for the airline attacks is Scattered Spider, a group of young cyber criminals living in the US and the UK.
Security experts are concerned about the risk of follow-on scams targeting affected customers.
Macquarie University's Dali Kaafar said the release of private details could lead to malicious actors building a more complete profile about individuals, making them more susceptible to other forms of cyber crime.
He warned Qantas customers to change their passwords and access codes to prevent potential hacks.
That was because many people used their date of birth as a PIN, but the information had now been compromised, Professor Kaafar said.
Qantas is investigating the cyber attack and its impacts, urging customers to be on high alert for future scam attempts.
Chief executive Vanessa Hudson confirmed the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.
A customer support line was established to provide customers with the latest information.
Qantas shares were slightly up on Thursday after initially shedding 3.6 per cent following news of the hack.
Airlines are being warned to tighten security after a hack affecting millions of Qantas customers leaves the aviation giant exposed to possible legal action.
The cyber attack targeted a third-party platform used by one of the airline's call centres, exposing the personal details of up to six million customers.
Names, phone numbers, dates of birth and email addresses are among the data believed to be leaked.
Legal experts have suggested the incident could lead to a class action in a repeat of compensation claims lodged following major breaches at Optus and Medibank in 2022.
The hack of sensitive customer details at the health insurer could end up costing it $700 million or more, analysts have said.
The primary wrongdoing was clearly with the hackers, but Qantas could still face secondary liability if it was found to have breached its duties, Monash University associate law professor Michael Duffy said.
"Based on previous class actions that have been taken for data breaches, there is certainly a possibility of action being taken against Qantas," he told AAP.
"This issue of data and privacy breaches is not going to go away."
The exposure of customers' dates of birth was particularly sensitive, Assoc Prof Duffy said.
"While exposure of names and email addresses are a concern, any exposure of dates of birth is more serious because of the potential of wrongdoers to try and use them for nefarious purposes," he said.
Qantas has reassured customers their financial information, passport numbers, credit card details and frequent flyer PINs were not accessed.
It is not the first time an airline has faced a cyber attack, with America's Hawaiian Airlines and WestJet compromised in recent weeks.
Cybersecurity experts warn this might be a sign the aviation industry is being targeted.
"Airlines hold all kinds of sensitive information and cybercriminals are looking to take it," NordVPN chief technology officer Marijus Briedis said.
"The industry needs to implement proactive, multi-layered security approaches that assume breaches will happen and focus on minimising their impact."
There is speculation the hackers responsible for the airline attacks is Scattered Spider, a group of young cyber criminals living in the US and the UK.
Security experts are concerned about the risk of follow-on scams targeting affected customers.
Macquarie University's Dali Kaafar said the release of private details could lead to malicious actors building a more complete profile about individuals, making them more susceptible to other forms of cyber crime.
He warned Qantas customers to change their passwords and access codes to prevent potential hacks.
That was because many people used their date of birth as a PIN, but the information had now been compromised, Professor Kaafar said.
Qantas is investigating the cyber attack and its impacts, urging customers to be on high alert for future scam attempts.
Chief executive Vanessa Hudson confirmed the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.
A customer support line was established to provide customers with the latest information.
Qantas shares were slightly up on Thursday after initially shedding 3.6 per cent following news of the hack.
Airlines are being warned to tighten security after a hack affecting millions of Qantas customers leaves the aviation giant exposed to possible legal action.
The cyber attack targeted a third-party platform used by one of the airline's call centres, exposing the personal details of up to six million customers.
Names, phone numbers, dates of birth and email addresses are among the data believed to be leaked.
Legal experts have suggested the incident could lead to a class action in a repeat of compensation claims lodged following major breaches at Optus and Medibank in 2022.
The hack of sensitive customer details at the health insurer could end up costing it $700 million or more, analysts have said.
The primary wrongdoing was clearly with the hackers, but Qantas could still face secondary liability if it was found to have breached its duties, Monash University associate law professor Michael Duffy said.
"Based on previous class actions that have been taken for data breaches, there is certainly a possibility of action being taken against Qantas," he told AAP.
"This issue of data and privacy breaches is not going to go away."
The exposure of customers' dates of birth was particularly sensitive, Assoc Prof Duffy said.
"While exposure of names and email addresses are a concern, any exposure of dates of birth is more serious because of the potential of wrongdoers to try and use them for nefarious purposes," he said.
Qantas has reassured customers their financial information, passport numbers, credit card details and frequent flyer PINs were not accessed.
It is not the first time an airline has faced a cyber attack, with America's Hawaiian Airlines and WestJet compromised in recent weeks.
Cybersecurity experts warn this might be a sign the aviation industry is being targeted.
"Airlines hold all kinds of sensitive information and cybercriminals are looking to take it," NordVPN chief technology officer Marijus Briedis said.
"The industry needs to implement proactive, multi-layered security approaches that assume breaches will happen and focus on minimising their impact."
There is speculation the hackers responsible for the airline attacks is Scattered Spider, a group of young cyber criminals living in the US and the UK.
Security experts are concerned about the risk of follow-on scams targeting affected customers.
Macquarie University's Dali Kaafar said the release of private details could lead to malicious actors building a more complete profile about individuals, making them more susceptible to other forms of cyber crime.
He warned Qantas customers to change their passwords and access codes to prevent potential hacks.
That was because many people used their date of birth as a PIN, but the information had now been compromised, Professor Kaafar said.
Qantas is investigating the cyber attack and its impacts, urging customers to be on high alert for future scam attempts.
Chief executive Vanessa Hudson confirmed the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.
A customer support line was established to provide customers with the latest information.
Qantas shares were slightly up on Thursday after initially shedding 3.6 per cent following news of the hack.