Latest news with #CyberSecurityCentre
SBS Australia
6 days ago
- SBS Australia
Nearly six million Qantas records held in hacked system, airline says
Millions of records — covering names, email address, phone numbers and even meal preferences — were held on the Qantas systems accessed in a "cyber incident", the airline says. Qantas said 5.7 million customer records were impacted when a third-party system used by an offshore call centre was hacked at the end of June. It added that there is "no evidence" that personal data stolen from Qantas has been released, but was contacting customers to let them know what data of theirs was held in the system that was breached. The majority of the records — four million — contained names, email addresses and Qantas Frequent Flyer details, with some including tier level, points balance and status credits. The addresses of around 1.3 million, phone numbers of 900,000, and meal preferences of 10,000 customers were held on the system. Qantas CEO Vanessa Hudson said extra cybersecurity measures have been put in place and a review is underway. She added: "Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible." The National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police have also been contacted by Qantas.
CTV News
02-07-2025
- Business
- CTV News
Qantas cyber hack could have stolen ‘significant' amount of data from six million customers
Australian airline Qantas says a data hack on Monday exposed the personal information of six million customers and it expects the amount stolen to be 'significant.' The hack penetrated a third-party customer service platform used by a Qantas contact center, the airline said in a statement on Wednesday. Six million customers have service records on the platform – with data including some of their names, email addresses, phone numbers, birth dates and frequent flyer numbers. However, the platform does not contain any customer credit card details, financial information or passport details, Qantas said. After Qantas detected 'unusual activity' on the platform, it took action and 'contained' the system, it said. The statement said all Qantas systems are now secure, and there is no impact to the company's operations or safety. It's not clear exactly how much data was stolen, 'though we expect it to be significant,' the airline said. It is now working to support affected customers, and is cooperating with the Australian Cyber Security Centre, Australian Federal Police and independent cybersecurity experts on the investigation. 'We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,' said Qantas CEO Vanessa Hudson in the statement. 'We are contacting our customers today and our focus is on providing them with the necessary support.' Qantas' share price was down 3.5 per cent in morning trading, against a 0.4 per cent gain in the broader market, according to Reuters. Australia has seen a series of major cyberattacks and company hacks in recent years. In 2019, a cyberattack targeted Australia's ruling and opposition parties less than three months before a national election. Two years later, broadcaster Nine News suffered a cyberattack that forced a number of live shows off air – calling it the largest cyberattack on a media company in Australia's history. Most recently in 2022, cybercriminals in Russia conducted a ransomware attack on Medibank, one of Australia's largest private health insurers. Sensitive personal data, including health claims information, was stolen from 9.7 million customers – some of which was then released onto the dark web. Last year, Australia publicly named and imposed sanctions on a Russian national for his alleged role in the attack. He was an alleged member of the Russian ransomware gang REvil, which had previously launched large attacks on targets in the United States and elsewhere, before Russian authorities cracked down in 2022 and detained multiple people. Article written by Jessie Yeung, CNN
CNN
02-07-2025
- Business
- CNN
Qantas cyber hack could have stolen ‘significant' amount of data from six million customers
Australian airline Qantas says a data hack on Monday exposed the personal information of six million customers and it expects the amount stolen to be 'significant.' The hack penetrated a third-party customer service platform used by a Qantas contact center, the airline said in a statement on Wednesday. Six million customers have service records on the platform – with data including some of their names, email addresses, phone numbers, birth dates and frequent flyer numbers. However, the platform does not contain any customer credit card details, financial information or passport details, Qantas said. After Qantas detected 'unusual activity' on the platform, it took action and 'contained' the system, it said. The statement said all Qantas systems are now secure, and there is no impact to the company's operations or safety. It's not clear exactly how much data was stolen, 'though we expect it to be significant,' the airline said. It is now working to support affected customers, and is cooperating with the Australian Cyber Security Centre, Australian Federal Police and independent cybersecurity experts on the investigation. 'We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,' said Qantas CEO Vanessa Hudson in the statement. 'We are contacting our customers today and our focus is on providing them with the necessary support.' Qantas' share price was down 3.5% in morning trading, against a 0.4% gain in the broader market, according to Reuters. Australia has seen a series of major cyberattacks and company hacks in recent years. In 2019, a cyberattack targeted Australia's ruling and opposition parties less than three months before a national election. Two years later, broadcaster Nine News suffered a cyberattack that forced a number of live shows off air – calling it the largest cyberattack on a media company in Australia's history. Most recently in 2022, cybercriminals in Russia conducted a ransomware attack on Medibank, one of Australia's largest private health insurers. Sensitive personal data, including health claims information, was stolen from 9.7 million customers – some of which was then released onto the dark web. Last year, Australia publicly named and imposed sanctions on a Russian national for his alleged role in the attack. He was an alleged member of the Russian ransomware gang REvil, which had previously launched large attacks on targets in the United States and elsewhere, before Russian authorities cracked down in 2022 and detained multiple people.
Yahoo
02-07-2025
- Business
- Yahoo
Qantas data breach exposes up to six million customer profiles
Qantas is contacting customers after a cyber attack targeted their third-party customer service platform. On 30 June, the Australian airline detected "unusual activity" on a platform used by its contact centre to store the data of six million people, including names, email addresses, phone numbers, birth dates and frequent flyer numbers. Upon detection of the breach, Qantas took "immediate steps and contained the system", according to a statement. The company is still investigating the full extent of the breach, but says it is expecting the proportion of data stolen to be "significant". It has assured the public that passport details, credit card details and personal financial information were not held in the breached system, and no frequent flyer accounts, passwords or PIN numbers have been compromised. Qantas has notified the Australian Federal Police of the breach, as well as the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. "We sincerely apologise to our customers and we recognise the uncertainty this will cause," said Qantas Group CEO Vanessa Hudson. She asked customers to call the dedicated support line if they had concerns, and confirmed that there would be no impact to Qantas' operations or the safety of the airline. The cyber attack is the latest in a string of Australian data breaches this year, with AustralianSuper and Nine Media suffering significant leaks in the past few months. In March 2025, the Office of the Australian Information Commissioner (OAIC) released statistics revealing that 2024 was the worst year for data breaches in Australia since records began in 2018. "The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish," said Australian Privacy Commissioner Carly Kind in a statement from the OAIC. Ms Kind urged businesses and government agencies to step up security measures and data protection, and highlighted that both the private and public sectors are vulnerable to cyber attacks.
ITV News
07-05-2025
- ITV News
Jersey cyber security experts warns islanders to protect themselves against deepfake video scams
ITV Channel reporter Emma Volney reflects on the rise in AI scams and asks an expert how to spot them A cyber security expert in Jersey is urging members of the public to act "logically, rather than emotionally" when using social media in order to protect themselves against online scammers. It comes as a deepfake video recently circulated on social media appears to show Jersey's Chief Minister Lyndon Farnham in conversation with ITV Channel's Emma Volney, discussing a new "government-backed investment programme". Generated using artificial intelligence (AI), the deepfake video claims to offer islanders £800 per week if they sign up to the new 'government scheme' and invest £200. The fake voice of 'Lyndon Farnham' states, "This has nothing to do with FOREX trading, pyramid schemes, and other nonsense found everywhere" in an attempt to reassure viewers of the scheme's legitimacy. The voice adds that if investors do not earn £800 within a week, "I am willing to give you your money back out of my own pocket". It also urges viewers to act quickly, warning that if they close the web tab, "their link will expire and so will their chance to profit" because "it's impossible to give everyone access to this financial platform and have everyone become millionaires". However, this video is completely false and was generated by scammers to encourage people to hand over their money and sensitive information. Deepfake videos take pre-existing footage, audio, and pictures to create new content depicting events that never happened. Relying on AI tools such as facial recognition and machine learning software, they are often very difficult to identify as false. Matt Palmer, director of Jersey's Cyber Security Centre, says this type of scam is likely to become more commonplace as technology advances. "It's quite scary the way that people can pull these together in a way that you could very easily assume is real," he says. "I think the reality is we are going to see more and more of these with the advancement of artificial intelligence tools. "They're great for us as resources - but also good for organised crime, hackers, and people who'd like to do us harm." However, Mr Palmer believes the "telltale signs of a scam" have not changed and islanders are still able to take simple steps to protect themselves. How can I identify a deepfake? Video quality: Is the video high-quality? Is there a degree of 'jitteriness' that is unexpected? Mr Palmer says this will "get harder to spot" as technology advances but at the moment, AI-generated content tends to be of a lower quality. Mannerisms & tone of voice: Is the person in the video acting as you'd expect them to? Is the language they're using typical? Have you seen them speak or act that way before? Mr Palmer says the "ideal target for a scammer is somebody who generates an emotional response, because that will get people to respond more quickly"; hence why trusted community figures such as Lyndon Farnham or Emma Volney are being used. He adds that if this person is acting or speaking in a way that feels unfamiliar, it could be a sign the video is not real. "If you watch the video, you will see they're saying 'you must act now' and 'you must fill your details in on this website or you will lose this opportunity'", Mr Palmer says. He adds: "In a normal transaction you know if you walk away and come back, that's completely normal. "If people are asking us not to, it's because they're trying to short-circuit those thought processes and instead ask us to act emotionally: so don't act emotionally, think it all through." Logic & reason: Does the video use understandable language? Do you understand what it is selling you? Are the offers made reasonable and realistic? "I think most islanders wouldn't claim to be experts in areas like cryptocurrency", he says, "so if you don't understand what you're investing in - don't invest". "Ask a friend or call an expert to ask 'is this real' before proceeding", he says. "Rather like walking in the street in an unknown town, treat the online world like something you need to be cautious of - and don't trust people unless you know who they are and what they're selling." Deputy Farnham describes the deepfake video as "absolutely appalling". "I'm deeply disappointed that criminals will resort to this kind of action to extort money from people," he says. "I fear we could well see more of this as the technology improves and it becomes easier for criminals to do - it's extremely important we remain careful and cautious in our online activities." Deputy Farnham adds that if islanders have any concerns, they should contact the Jersey Cyber Security Centre (JCSC) and if they fall victim to any scams, they should immediately contact the police. The fake video has been reported to both the JCSC and the States of Jersey Police.
