
Hackers infiltrated a system containing sensitive data on six million customers
Qantas said hackers had targeted one of its customer contact centres, breaching a computer system used by a third party.
Related Articles

RNZ News
4 hours ago
What we know about Scattered Spider, the hacker group targeting airlines
By Annika Burgess, ABC

Alarm bells were being sounded that Scattered Spider, a notoriously aggressive and prolific hacking group, had a new favourite target - the airline sector.

The FBI and tech companies Google and Palo Alto Networks put out alerts over the weekend. They warned of multiple incidents in the airline and travel industry that resembled the group's operations.

Now, it is believed Australia might have fallen victim to the cybercriminals. Qantas has announced that 6 million customer accounts had been exposed in a "significant" cyber attack.

The airline would not confirm if it was the target of Scattered Spider, but experts said the attack appeared to have its signature moves.

Scattered Spider, or UNC3944, is a loose-knit but aggressive hacking group. The "scattered" gang of affiliates goes by various names and aliases, such as Octo Tempest, Star Fraud, Scatter Swine and Muddled Libra.

The members are believed to be mainly young native English speakers from the US and the UK. Some have reportedly been as young as 16 years old.

Since emerging in 2022, together the gangs have been accused of breaking into and stealing data from some of the world's largest companies. They are alleged to be behind more than 100 targeted attacks across industries including telecommunications, finance, retail and gaming.

The group goes from sector to sector, often targeting sectors that face significant customer pressure. And they aim for the big fish.

In 2023, hackers tied to Scattered Spider broke into gaming companies MGM Resorts and Caesars Entertainment, partially paralysing casinos and knocking slot machines out of commission. The $US14 billion gaming giant MGM Resorts operates over 30 hotels and casinos around the world, including in Macau and Las Vegas.

The group has also caused mayhem across the UK, hitting some of the largest retail brands, including Harrods, Co-Op and Marks & Spencer (M&S). A recent cyber attack on M&S disrupted the company's online business for weeks. It has resulted in about £300 million in lost operating profit.

Scattered Spider is known to use tactics such as social engineering, where hackers trick people into letting them into systems. They essentially target human vulnerabilities.

The chief executive of M&S confirmed that "threat actors" had gained access to the retailer's systems via one of its contractors using social engineering techniques.

The group typically exploits an organisation's IT helpdesk, using publicly available information to pose as a staff member.

David Tuffley, a cybersecurity expert from Griffith University, said the tactics could be "pretty aggressive".

"They would know just how to talk in the right way, to get people to do what it is they want them to do," he said.

The impersonations could take place through phishing attacks, often fake emails or text messages, or the hackers may even make phone calls directly to the help desk.

Daswin De Silva, a professor of AI and analytics and director of AI strategy at La Trobe University, said the tactics were "really manipulative".

"Help desks want to resolve issues as quickly as possible," Professor De Silva told the ABC.

"With a large organisation that has outsourced some of their business functions, they tend to be removed from the day-to-day operations of the main business.

"When there is a disconnect like this … the security can be compromised."

Another tactic the group is known to use is called multi-factor authentication (MFA) bombing or MFA fatigue. It involves attackers repeatedly sending MFA requests, such as notifications to a user's device, in an attempt to overwhelm them and trick them into approving a login. This could enable them to gain access to the data warehousing platform or manipulate password resets.

Qantas has released a statement saying that it detected unusual activity on Monday on a third-party platform used by a contact centre. The airline said 6 million customers had service records in the platform, and it believed the proportion of stolen data would be "significant".

An initial review confirmed the data included some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers, the airline said.

"Importantly, credit card details, personal financial information and passport details are not held in this system," the statement read.

"No frequent flyer accounts were compromised, nor have passwords, PIN numbers, or login details been accessed."

The breach comes as the FBI has sent out a notification saying it has recently observed Scattered Spider "expanding its targeting to include the airline sector".

"They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk," the FBI said in a statement posted on X.

"The FBI is actively working with aviation and industry partners to address this activity and assist victims."

Alaska Air Group-owned Hawaiian Airlines and Canada's WestJet have both recently reported being struck by unspecified cyber incidents.

Qantas said it had notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

A spokesperson for CyberCX told ABC News the incident had all the hallmarks of an attack from the Scattered Spider hacker group.

Tuffley said he "wouldn't be too surprised" if the group was behind the attack.

"Qantas are actually pretty good as far as cybersecurity goes, but obviously their call centre in the Philippines or wherever it was wasn't quite so good," he said.

Previous breaches on major Australian companies, including Medibank and Optus, have highlighted how cyber attacks can see people's data used as a bargaining threat to make companies pay a ransom.

Another concern for Qantas customers is that their personal data could be onsold and then used to conduct fraud.

Tuffley said that often, data from large-scale breaches would be combined to assemble enough information to impersonate someone. Criminals could then carry out scams such as SIM swapping or financial fraud.

"They could contact a telco and say 'Hi, this is Dave, I lost my phone and I want to get a new SIM installed,'" he said.

"The telco will go through all sorts of security vetting, but if they've got enough information about you, then they can succeed at that."

De Silva said that often after a major breach, there would be a secondary round of attacks based on the data that was stolen. That could involve using the data to ask for password resets or security check-ups.

"The attack was first detected on Monday, but customers and the public were informed on Wednesday. This delay translates to more than 48 hours for subsequent targeted/personalised attacks towards individual customers," De Silva said.

"The Australian government and relevant authorities must do better in managing the communications, impact and loss following cyber attacks."

Qantas customers are being advised to stay vigilant and check accounts and transactions regularly, including frequent flyer accounts.

As a general piece of advice, experts say individuals should never reuse passwords on any system or service.

- ABC

1News
5 hours ago
Data from up to six million Qantas customers stolen in cyber attack
Cyber criminals have gained access to "significant" data belonging to six million Qantas customers after hacking a call centre with records including customers' names, email addresses, phone numbers and birth dates.

The airline on Wednesday confirmed the cyber incident on a third-party platform but assured customers the system had since been contained.

Qantas first caught wind of the attack when it detected unusual activity on a third-party platform used by a Qantas airline contact centre on Monday.

"The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform," the company said in a statement.

"There is no impact to Qantas' operations or the safety of the airline.

"We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers."

No credit card details, financial information or passport details were held in the system that had been compromised, Qantas said. It also said no frequent flyer account details, including passwords, PIN numbers or log-in details had been accessed.

1News asked Qantas whether any New Zealanders were affected and was told the "majority" of affected customers were in Australia.

Qantas Group chief executive Vanessa Hudson said the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.

"We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously," she said.

"We are contacting our customers today and our focus is on providing them with the necessary support."

A dedicated customer support line had been established to provide customers with the latest information.

— additional reporting by 1News.


Scoop
6 hours ago
Koru Racing Wins Fastest Car At STEM Racing Australia National Finals
Press Release – Koru Racing

New Zealand's Koru Racing made a bold debut at the STEM Racing Australia National Finals, outperforming experienced Australian teams and setting the fastest lap in the competition.

STEM Racing (formerly F1 in Schools) is a global engineering competition where students design, manufacture, and race miniature F1 cars. Made from balsa wood and 3D printed components, the cars are powered by CO2 gas canisters and race down a 20m track. The competition – officially supported by Formula 1 – has over 1.2 million students competing annually, and incorporates high-level engineering, manufacturing, sponsorship, and teamwork.

The team first competed in the NZ school competition at Saint Kentigern College. Koru Racing won this event, having the fastest car, best trade display, and portfolios. Because of their performance, Koru Racing was offered the chance to compete at the 2025 STEM Racing Australia National Finals.

On the first day, the team set a lap time which would remain unbeaten throughout the rest of the competition – even outperforming top Australian teams which have had podium placement at the 2024 World Finals in Saudi Arabia. Koru Racing won a trophy for the fastest car – a fantastic achievement given they had significantly less financial resources, industry support, and sponsorship, compared to their more experienced Australian counterparts, who have been competing since 2003.

Koru Racing's performance at the STEM Racing Australia National Finals caught the attention of teachers, judges, and event organisers, and Koru Racing has been offered the opportunity to be the first team to represent New Zealand at the STEM Racing Singapore World Finals set for September.

Attending the World Finals would allow Koru Racing to showcase their ability against 65 teams from other countries, put New Zealand innovation on the map, and provide exposure to sponsors supporting the initiative. As well as this, the team can network with experienced professionals across a range of industries, and bring home valuable knowledge and experience to mentor other Kiwi teams.

To compete and represent New Zealand at this level, Koru Racing need sponsorship. If you're interested in supporting Koru Racing personally, please visit the Koru Racing Givealittle: If you're interested in supporting Koru Racing as a business, please email reilly@ for more information.

Reilly Turner (Team Principal and Graphic Designer):

'Australia has competed in STEM Racing for 22 years now with ongoing sponsorship and development, so for a New Zealand team to have the fastest car is really exciting.'

'It was a great experience, and we're really proud to bring the fastest car trophy to New Zealand.'

Lucas Alward (Design Engineer):

'It's quite an encouraging accomplishment, to be able to say that our little team from New Zealand went on to create the fastest car raced at Australia. I think it all comes down to research, testing, and development, and a process of continual refinement.'

'I'm very proud of what we've managed to achieve so far. We've shown the world that us Kiwis are serious competition, and we can prove ourselves on the international stage.'

Aydan Hawken (Manufacturing Engineer):

'I believe our success is a testament to the countless hours our team have put in. Seeing that performance on the track makes it all worth it.'

'It's really a huge honour to win the fastest car award and bring it back to New Zealand. We really hope we made everyone back home proud.'