Qantas contacted by ‘potential cybercriminal' week after major breach saw millions of customers' data stolen
On Monday, Australia's national airline said someone had 'made contact' but did not say if ransom demands were made.
'As this is a criminal matter, we have engaged the Australian Federal Police and won't be commenting any further on the detail of the contact,' a Qantas spokesman said.
Efforts to 'validate' whether the contact was a legitimate cybercriminal are being made by the airline, which is working alongside cybersecurity experts to monitor the situation.
'There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor,' Qantas said.
Last week, about six million Qantas customers had their personal details stolen in the cyberattack.
The airline's CEO Vanessa Hudson sent an email to all customers, not just those impacted, noting that some travellers' names, email addresses, dates of birth and Frequent Flyer numbers were taken in the hack.
However, no credit card details, personal financial information or passport details were accessed while Frequent Flyer accounts along with passwords, PIN numbers and log in details were also uncompromised.
Okta Global Head of Threat Intelligence Brett Winterford said the group behind the cyberattack on Australia's national airline was a known adversary, one his organisation tracks 'very closely'.
The cyber threat intelligence expert said there were a 'large number' of people within this adversary, and about half a dozen had been arrested, but it takes time for law enforcement to get their 'arms around them'.
'I think organisations need to assume these attacks are going to continue,' he said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
News.com.au
3 days ago
- News.com.au
Presiding judge will stay on Qantas case despite being ‘caught up' in the airline's major data breach
A judge will continue to preside over Qantas' stolen data case despite being among the millions of customers 'caught up' in the major data breach, arguing 'every judge of this court' was likely a Frequent Flyer member. Addresses, meal preferences and phone numbers were among the details of nearly six million Qantas customers compromised in a data breach of one of the airline's call centres on June 30. Qantas said Frequent Flyer details of customers was also on the system, but the airline confirmed there's no evidence of any personal data being released, nor credit card or passport details or personal financial information accessed. A judge will continue to preside over Qantas' stolen data case despite being among the millions of customers 'caught up' in the major breach. Picture: NewsWire / Luis Enrique Ascui Among those affected is Justice Francois Kunc, who is the presiding justice over Qantas' recent court action to protect the stolen data. The NSW Supreme Court granted an interim injunction to stop the data from being accessed, viewed, released, used, transmitted or published by anyone, including third parties. In a brief hearing on Wednesday, Justice Kunc said he has been Qantas Club and Qantas Frequent Flyer member 'for more years than I care to remember', and had received a generic email that his data 'is caught up' in the data breach. He disclosed this to Qantas counsel, and said he didn't believe this sufficient to recuse himself from the case, arguing it was a 'somewhat limited connection', and that people would feel he could be impartial. Justice Kunc also accepted the counsel's submission that 'the principle of necessity may come into play', arguing every judge was likely a Frequent Flyer or Qantas Club member. 'I would almost be prepared to take it as a matter of judicial notice that every judge of this Court is likely to have flown with Qantas and is probably a Frequent Flyer or member of the Qantas Club,' Justice Kunc said in his judgment. The accounts of 5.7 million Qantas customers were compromised in a data breach of one of the airline's call centres on June 30. Picture: NewsWire / David Swift Hackers emailed Qantas The airline has filed a statement of claim against 'persons unknown' in the Supreme Court, which is defined as anyone or entity that carried out, participated or assisted in stealing of the data, communicated payment demands to Qantas, or posted some or all of the stolen data online. The defendant allegedly contacted Qantas over a series of emails in which they claimed to have gained unauthorised access to data and stolen confidential data. While much of that section of the document has been redacted, it does state 'at no time has Qantas made a payment to the Defendant'. The court on Thursday moved to restrain the defendant or any third parties from publishing the stolen data online, transmitting or disclosing it to any other person, using and viewing any of the data except for the purpose of gaining legal advice, and promoting or publishing any links where the data may be downloaded without the written consent of Qantas. They must take all reasonable steps to remove the data from the internet, 'including, for the avoidance of doubt, from 'dark web' locations'. The matter is expected to be heard in the Supreme Court on Friday afternoon.
News.com.au
3 days ago
- News.com.au
Class action alleges Qantas ‘failed' to protect personal information in wake of major data breach
Qantas failed to protect passengers' personal information, according to a law firm seeking potential compensation from the airline after a major data breach. Maurice Blackburn Lawyers have lodged a complaint with the Office of the Australian Information Commissioner (OAIC), alleging the airline 'failed to take reasonable steps to protect personal information' and therefore interfered with privacy under the privacy act. The details of nearly six million Qantas customers were potentially compromised in the data breach of one of the airline's call centres on June 30, including addresses, phone numbers, meal preferences, and Frequent Flyer details. Qantas has confirmed there is no evidence of any personal data being released, nor credit card or passport details or personal financial information accessed. 'Register with us' Maurice Blackburn principal lawyer Elizabeth O'Shea confirmed an official complaint had been lodged against the airline, encouraging those affected in the breach to register with the firm to receive updates about potential compensation. 'While we await a response and potential action from the OAIC in relation to Qantas failing to adequately protect the personal information of its customers, we would encourage Qantas customers who were impacted by the breach to register with us to receive updates about the representative complaint and compensation which may be sought on your behalf,' Ms O'Shea said in a statement. 'It is early days in what we are learning about the mass data breach, but if you're one of the millions of people that have had your personal information compromised, you're eligible to register with us and we will keep you informed as the matter progresses.' A Qantas spokeswoman said the company remained focused on supporting customers. 'Qantas understands that a complaint has been lodged by Maurice Blackburn on behalf of some affected customers in relation to our recent cyber incident,' the spokeswoman said. 'Our focus continues to be on supporting our customers and providing ongoing access to specialist identity protection advice and resources.' Qantas have moved to prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including third parties, following the granting of an interim injunction in the NSW Supreme Court. The airline also filed a statement of claim against anyone who carried out, participated or assisted in stealing of the data, communicated payment demands to Qantas, or posted some or all of the stolen data online. The defendant, and any third parties, were prevented by the court from publishing the stolen data online, transmitting or disclosing it to any other person, using and viewing any of the data except for the purpose of gaining legal advice, and promoting or publishing any links where the data may be downloaded without the written consent of Qantas. They were also ordered to take all reasonable steps to remove the data from the internet, including any 'dark web' locations.
9 News
3 days ago
- 9 News
Fijian man accused of exposing himself to two women on Jetstar flight
A Fijian man has faced court after allegedly exposing himself on a flight to two women sitting in the same row as him. Ulaiasi Uto Viladai, 30, is accused of exposing himself on a Jetstar flight from Melbourne to Brisbane on the morning of June 1. The two women did not know Viladai and were moved to different seats after they raised the alarm. READ MORE: Trump diagnosed with blood condition after troubling find Ulaiasi Uto Viladai is accused of exposing himself on a Jetstar flight from Melbourne to Brisbane. (Australian Federal Police) He was monitored by cabin crew for the rest of the flight before being escorted off the plane by police. Other passengers and crew were also spoken to as part of the investigation. Viladai was charged with one count of indecent exposure, which has a maximum penalty of one year in prison. READ MORE: The man who skydived from space dies in freak accident Court documents reveal Viladai is residing in Australia on a work visa. He faced Brisbane Magistrates Court today, where the matter was adjourned until August 15. Viladai left court quickly after his appearance. AFP Detective Superintendent Anthony Conway earlier criticised the "offensive behaviour" where passengers were confined in a small space. "Indecent conduct on a plane will not be tolerated," he said. "The AFP will take action against individuals who engage in this kind of criminal behaviour."
