Latest news with #FlyingKangaroo


West Australian
06-07-2025
- Business
- West Australian
‘Disappointing, frustrating': How Qantas data breach exposes deep flaws in Australia's cyber defences
The cyberattack targeting the personal data of customers with Qantas is the latest in a string of breaches affecting millions of Australians, as hackers target major companies and exploit weak spots in the systems they rely on. The breach, detected by the Flying Kangaroo on June 30, originated from a third-party customer servicing platform used by one of the airline's contact centres. Cybersecurity experts said the breach is part of a much broader problem - and corporate Australia is falling short. Dr Hammond Pearce, a lecturer in computer science and engineering at UNSW, told NewsWire the embarrassing incident at Qantas highlights a dangerous complacency among major companies. 'It's disappointing and frustrating that a company of this size and means, one which has tremendous importance to everyday Australians, is unable to safeguard our data,' Dr Hammond said. Although contained, the latest attack may have compromised names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. Credit card details, passports, and login credentials were not affected. The suspected culprits are the cybercrime group Scattered Spider, known for targeting large organisations through helpdesk systems operated by third-party platforms, often using sophisticated social engineering techniques. The breach comes amid a significant surge in cyberattacks across Australian sectors. In April this year, thousands of AustralianSuper and Rest members were affected by 'credential stuffing' attacks, where hackers used stolen login details from past breaches to access accounts. The attackers siphoned off $500,000 from just four accounts. The Australian Signals Directorate, a Federal Government intelligence agency, responded to over 1100 cyber security incidents and 36,700 hotline calls in 2023–24, a 12 per cent jump on the previous year. Data breach notifications spiked 15 per cent in the second half of 2024. Healthcare remains the most targeted industry, with 102 reported breaches in the latter half of last year. Financial institutions and manufacturers are also under siege, with attackers exploiting stolen credentials, ransomware, and legacy technologies to halt operations or access sensitive information. Dr Hammond said it's becoming clear that large datasets of personal information, like names, birth dates, and phone numbers, should be 'treated as liabilities, not assets.' 'In Australia, as in many countries, the mass collection and retention of data is usually encouraged from a business point of view. 'Only the government has the abilities to bring in privacy-first rules which can motivate changes to this practice,' he said, urging regulatory reform to force companies to treat personal data with the seriousness it deserves. He warned that the accumulation of personal data is not only a risk in itself but a direct path to further harm. 'There is the very real potential for down-stream attacks whereby the stolen data is used for scams and other schemes; they might reach out to you pretending to be someone they are not,' he said. Dr Hammond said that while Qantas acted appropriately after discovering the breach, its overall cybersecurity posture was 'insufficient' — a pattern seen repeatedly across Australian organisations. 'Qantas is not alone in this regard, it is just the latest in a long string of companies which have had data breaches, and it is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. The Qantas breach follows a rising number of incidents linked to third-party vendors. Experts say supply chain vulnerabilities now account for the majority of data breaches in Australia, and organisations must hold external providers to the same high cybersecurity standards as internal systems. Stephen Kho, cybersecurity expert at Avast, told Newswire that businesses must go beyond simply defending against threats and start preparing. 'Businesses, no matter their size, need to accept that cyberattacks are no longer a matter of 'if', but 'when'. That means shifting from a purely defensive mindset to one of preparation and resilience,' Mr Kho said. While AI was not involved in the Qantas incident, cybersecurity professionals are increasingly warning that artificial intelligence will supercharge future threats. Scammers are now using AI to craft phishing messages, mimic voices, and even create deepfakes to deceive victims. As the technology advances, impersonation attacks and targeted scams are becoming harder to detect and more damaging. Mr Kho said prevention is still the best defence against increasingly sophisticated attacks, and he has advice for both the public and businesses. He recommends using a password manager to generate strong, unique logins for every account, keeping devices and apps updated to patch known vulnerabilities, and staying alert to anything that seems suspicious. 'A healthy dose of scepticism online is one of the best defences you have,' he said. Mr Kho also urges people to act quickly if something seems off, such as receiving unexpected verification codes, password reset emails, or strange messages from friends, as these may be signs an account has been compromised. If caught up in a breach, he advises updating sensitive passwords, monitoring bank statements, and watching out for phishing scams impersonating trusted brands like Qantas. 'The goal is to contain the damage before it escalates,' he said. For businesses, he urges companies to invest in secure infrastructure, regularly patch software, educate staff, and prepare a clear incident response plan if a breach occurs. 'How quickly and transparently a business responds can have a huge impact on how customers perceive and trust the brand afterwards.' The federal government has pledged up to $20 billion by 2033 to strengthen Australia's cyber defences and has launched awareness campaigns like 'Stop. Check. Protect.' to help Australians recognise and avoid online scams. But Dr Hammond argues that meaningful progress requires more than public awareness — it demands a systemic overhaul. 'It is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. Until then, Australians are being urged to take their own precautions, because as the Qantas breach makes clear, even the biggest and most trusted companies are far from immune.
Yahoo
05-07-2025
- Business
- Yahoo
Dire warning after Qantas breach
The cyberattack targeting the personal data of customers with Qantas is the latest in a string of breaches affecting millions of Australians, as hackers target major companies and exploit weak spots in the systems they rely on. The breach, detected by the Flying Kangaroo on June 30, originated from a third-party customer servicing platform used by one of the airline's contact centres. Cybersecurity experts said the breach is part of a much broader problem - and corporate Australia is falling short. Dr Hammond Pearce, a lecturer in computer science and engineering at UNSW, told NewsWire the embarrassing incident at Qantas highlights a dangerous complacency among major companies. 'It's disappointing and frustrating that a company of this size and means, one which has tremendous importance to everyday Australians, is unable to safeguard our data,' Dr Hammond said. Although contained, the latest attack may have compromised names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. Credit card details, passports, and login credentials were not affected. The suspected culprits are the cybercrime group Scattered Spider, known for targeting large organisations through helpdesk systems operated by third-party platforms, often using sophisticated social engineering techniques. The breach comes amid a significant surge in cyberattacks across Australian sectors. In April this year, thousands of AustralianSuper and Rest members were affected by 'credential stuffing' attacks, where hackers used stolen login details from past breaches to access accounts. The attackers siphoned off $500,000 from just four accounts. The Australian Signals Directorate, a Federal Government intelligence agency, responded to over 1100 cyber security incidents and 36,700 hotline calls in 2023–24, a 12 per cent jump on the previous year. Data breach notifications spiked 15 per cent in the second half of 2024. Healthcare remains the most targeted industry, with 102 reported breaches in the latter half of last year. Financial institutions and manufacturers are also under siege, with attackers exploiting stolen credentials, ransomware, and legacy technologies to halt operations or access sensitive information. Dr Hammond said it's becoming clear that large datasets of personal information, like names, birth dates, and phone numbers, should be 'treated as liabilities, not assets.' 'In Australia, as in many countries, the mass collection and retention of data is usually encouraged from a business point of view. 'Only the government has the abilities to bring in privacy-first rules which can motivate changes to this practice,' he said, urging regulatory reform to force companies to treat personal data with the seriousness it deserves. He warned that the accumulation of personal data is not only a risk in itself but a direct path to further harm. 'There is the very real potential for down-stream attacks whereby the stolen data is used for scams and other schemes; they might reach out to you pretending to be someone they are not,' he said. Dr Hammond said that while Qantas acted appropriately after discovering the breach, its overall cybersecurity posture was 'insufficient' — a pattern seen repeatedly across Australian organisations. 'Qantas is not alone in this regard, it is just the latest in a long string of companies which have had data breaches, and it is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. The Qantas breach follows a rising number of incidents linked to third-party vendors. Experts say supply chain vulnerabilities now account for the majority of data breaches in Australia, and organisations must hold external providers to the same high cybersecurity standards as internal systems. Stephen Kho, cybersecurity expert at Avast, told Newswire that businesses must go beyond simply defending against threats and start preparing. 'Businesses, no matter their size, need to accept that cyberattacks are no longer a matter of 'if', but 'when'. That means shifting from a purely defensive mindset to one of preparation and resilience,' Mr Kho said. While AI was not involved in the Qantas incident, cybersecurity professionals are increasingly warning that artificial intelligence will supercharge future threats. Scammers are now using AI to craft phishing messages, mimic voices, and even create deepfakes to deceive victims. As the technology advances, impersonation attacks and targeted scams are becoming harder to detect and more damaging. Mr Kho said prevention is still the best defence against increasingly sophisticated attacks, and he has advice for both the public and businesses. He recommends using a password manager to generate strong, unique logins for every account, keeping devices and apps updated to patch known vulnerabilities, and staying alert to anything that seems suspicious. 'A healthy dose of scepticism online is one of the best defences you have,' he said. Mr Kho also urges people to act quickly if something seems off, such as receiving unexpected verification codes, password reset emails, or strange messages from friends, as these may be signs an account has been compromised. If caught up in a breach, he advises updating sensitive passwords, monitoring bank statements, and watching out for phishing scams impersonating trusted brands like Qantas. 'The goal is to contain the damage before it escalates,' he said. For businesses, he urges companies to invest in secure infrastructure, regularly patch software, educate staff, and prepare a clear incident response plan if a breach occurs. 'How quickly and transparently a business responds can have a huge impact on how customers perceive and trust the brand afterwards.' The federal government has pledged up to $20 billion by 2033 to strengthen Australia's cyber defences and has launched awareness campaigns like 'Stop. Check. Protect.' to help Australians recognise and avoid online scams. But Dr Hammond argues that meaningful progress requires more than public awareness — it demands a systemic overhaul. 'It is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. Until then, Australians are being urged to take their own precautions, because as the Qantas breach makes clear, even the biggest and most trusted companies are far from immune. Error in retrieving data Sign in to access your portfolio Error in retrieving data

News.com.au
05-07-2025
- Business
- News.com.au
‘Disappointing, frustrating': How Qantas data breach exposes deep flaws in Australia's cyber defences
The cyberattack targeting the personal data of customers with Qantas is the latest in a string of breaches affecting millions of Australians, as hackers target major companies and exploit weak spots in the systems they rely on. The breach, detected by the Flying Kangaroo on June 30, originated from a third-party customer servicing platform used by one of the airline's contact centres. Cybersecurity experts said the breach is part of a much broader problem - and corporate Australia is falling short. Dr Hammond Pearce, a lecturer in computer science and engineering at UNSW, told NewsWire the embarrassing incident at Qantas highlights a dangerous complacency among major companies. 'It's disappointing and frustrating that a company of this size and means, one which has tremendous importance to everyday Australians, is unable to safeguard our data,' Dr Hammond said. Although contained, the latest attack may have compromised names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. Credit card details, passports, and login credentials were not affected. The suspected culprits are the cybercrime group Scattered Spider, known for targeting large organisations through helpdesk systems operated by third-party platforms, often using sophisticated social engineering techniques. The breach comes amid a significant surge in cyberattacks across Australian sectors. In April this year, thousands of AustralianSuper and Rest members were affected by 'credential stuffing' attacks, where hackers used stolen login details from past breaches to access accounts. The attackers siphoned off $500,000 from just four accounts. The Australian Signals Directorate, a Federal Government intelligence agency, responded to over 1100 cyber security incidents and 36,700 hotline calls in 2023–24, a 12 per cent jump on the previous year. Data breach notifications spiked 15 per cent in the second half of 2024. Healthcare remains the most targeted industry, with 102 reported breaches in the latter half of last year. Financial institutions and manufacturers are also under siege, with attackers exploiting stolen credentials, ransomware, and legacy technologies to halt operations or access sensitive information. Dr Hammond said it's becoming clear that large datasets of personal information, like names, birth dates, and phone numbers, should be 'treated as liabilities, not assets.' 'In Australia, as in many countries, the mass collection and retention of data is usually encouraged from a business point of view. 'Only the government has the abilities to bring in privacy-first rules which can motivate changes to this practice,' he said, urging regulatory reform to force companies to treat personal data with the seriousness it deserves. He warned that the accumulation of personal data is not only a risk in itself but a direct path to further harm. 'There is the very real potential for down-stream attacks whereby the stolen data is used for scams and other schemes; they might reach out to you pretending to be someone they are not,' he said. Dr Hammond said that while Qantas acted appropriately after discovering the breach, its overall cybersecurity posture was 'insufficient' — a pattern seen repeatedly across Australian organisations. 'Qantas is not alone in this regard, it is just the latest in a long string of companies which have had data breaches, and it is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. The Qantas breach follows a rising number of incidents linked to third-party vendors. Experts say supply chain vulnerabilities now account for the majority of data breaches in Australia, and organisations must hold external providers to the same high cybersecurity standards as internal systems. Stephen Kho, cybersecurity expert at Avast, told Newswire that businesses must go beyond simply defending against threats and start preparing. 'Businesses, no matter their size, need to accept that cyberattacks are no longer a matter of 'if', but 'when'. That means shifting from a purely defensive mindset to one of preparation and resilience,' Mr Kho said. While AI was not involved in the Qantas incident, cybersecurity professionals are increasingly warning that artificial intelligence will supercharge future threats. Scammers are now using AI to craft phishing messages, mimic voices, and even create deepfakes to deceive victims. As the technology advances, impersonation attacks and targeted scams are becoming harder to detect and more damaging. Mr Kho said prevention is still the best defence against increasingly sophisticated attacks, and he has advice for both the public and businesses. He recommends using a password manager to generate strong, unique logins for every account, keeping devices and apps updated to patch known vulnerabilities, and staying alert to anything that seems suspicious. 'A healthy dose of scepticism online is one of the best defences you have,' he said. Mr Kho also urges people to act quickly if something seems off, such as receiving unexpected verification codes, password reset emails, or strange messages from friends, as these may be signs an account has been compromised. If caught up in a breach, he advises updating sensitive passwords, monitoring bank statements, and watching out for phishing scams impersonating trusted brands like Qantas. 'The goal is to contain the damage before it escalates,' he said. For businesses, he urges companies to invest in secure infrastructure, regularly patch software, educate staff, and prepare a clear incident response plan if a breach occurs. 'How quickly and transparently a business responds can have a huge impact on how customers perceive and trust the brand afterwards.' The federal government has pledged up to $20 billion by 2033 to strengthen Australia's cyber defences and has launched awareness campaigns like 'Stop. Check. Protect.' to help Australians recognise and avoid online scams. But Dr Hammond argues that meaningful progress requires more than public awareness — it demands a systemic overhaul. 'It is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. Until then, Australians are being urged to take their own precautions, because as the Qantas breach makes clear, even the biggest and most trusted companies are far from immune.


West Australian
04-07-2025
- Business
- West Australian
Herd on the Terrace: Roger Cook might be walking on a nightmare with 'Made in WA' pledge
The Bull has been pondering whether Roger Cook is walking into a nightmare thanks to his government's obsession with making stuff in WA. Cook was out of the frying pan and into the fire this week after revelations the next Tourism WA advertising campaign will be partly produced on the east coast. Procuring elaborate visuals of flying whale sharks from elsewhere would ordinarily not be especially unusual, given Western Australia has three million people and a reasonably small film industry. But the government has walked (on a dream) into a locally-built mess given 'Made in WA' was their flagship pledge in a thumping March State Election victory. When mission-critical manufacturing jobs including buses, power line towers and batteries must be assembled in the State — at great expense — artists would be fair enough to ask why there are no such requirements for creative work. Then where does it end? Stand down, BHP's fly-in, fly-out work force, Rita Saffioti wants you in Neerabup slapping together over-priced refrigerators. Petroleum engineer? Not any more! Off to Bellevue to join local procurement champions Alstom. The French company will bank $1.4 billion to make the new Metronet C-Series rail cars in India, ship them to Perth, and add a few highly uncomfortable seats in a warehouse. Hope you know how to hold a welding torch! The new trains are a true tribute to globalisation, although the local union movement would never admit that. When 'Made in WA' is your biggest promise, it becomes the metric by which every decision will be judged. We may have a shortage of workers in WA but there's never a deficit of political over-commitment. Just when you thought the so-called national carrier was cleared for reputational take-off, cyber criminals have aimed their keyboards at Qantas. Close to six million Australians were in fear that their frequent flyer points had been siphoned off to Nigeria this week when the Flying Kangaroo revealed a major data breach. Thankfully, the government-protected airline promised customers 'no frequent flyer accounts were compromised', just personal identity details. All good then! Why bother stealing all those hard-earned points anyway, given they would probably expire before arrival. The hackers are as yet unknown but The Bull expects they will soon release the membership list of Qantas' infamous Chairman's Lounge as proof of life. When director Todd Sampson — who parachutes off the board at the end of the month — hosted the 2016-2020 TV show Body Hack, we can only assume Qantas did not intend the title to be taken literally. We hope Todd can imitate Liam Neeson and personally track down Australia's Taken passport details. Recent openings in two of WA's top lobbying jobs will mean anyone who's ever been in a photo with the Artful Roger will want to put their hands up for the prized positions. Plenty of eyes are on Association of Mining and Exploration Companies boss Warren Pearce as a top option to replace Chamber of Minerals and Energy chief Rebecca Tomkinson when she jets off to a lucrative London trade gig. Also hunting for new hires will be the Chamber of Commerce and Industry WA, thanks to the swift departure of fly-in, fly-out boss Peter Cock after just four months. A tenacious orator, Pearce made a name for himself for scoring tax production credits (or taxpayer handouts, depending on your persuasion) for the State's critical minerals battlers, and is regarded as a tactful treader between business and government. The CME job requires ensuring powerful members — such as Rio Tinto and BHP — have their needs heard loud and clear at the cabinet table. And we wouldn't want these multibillion-dollar multinationals left without a voice. Alas, word is the lobbyist has actually started to turn a shade of cerulean denying his interest in the role, and is dead set on staying put . . . really.

Herald Sun
26-06-2025
- Herald Sun
Qantas domestic sale has one million seats discounted
Don't miss out on the headlines from Lifestyle. Followed categories will be added to My News. See the parts of Australia you've never checked out before. You're probably not keeping count but the Flying Kangaroo has just launched its fifth sale of the year and it includes over 60 local destinations. Many of the airlines newest routes - such as Busselton to Perth - are also included When does the sale start? The sale has just dropped and it closes at 11.59pm AEST on June 30, 2025 unless sold out prior. When can I travel? Between August 2025 and March 2026. What are the lowest fares? One way domestic tickets start at $99. This, for example, will get you to Ballina from Sydney. If you want to do a points plus price arrangement the same trip will cost you $46 and 5300 points. Are business class seats on sale? Yes, 250,000 of them. For example, you can fly from the Gold Coast to Sydney one way for $459 or 30,300 points plus $81. What are some of the domestic flights in this sale? One way economy fares include: Gold Coast-Sydney for $119 Hobart to Sydney for $149 Adelaide-Melbourne for $149 Brisbane-Perth for $319 Ballina - Sydney $99 Melbourne - Sydney $139 Sunshine Coast - Sydney $119 Broome - Perth $239 As with all flight bookings be sure to read the terms and conditions attached to your ticket. Can you pay with frequent flyer points on these flights? Yes but only partially with a Classic Plus Points fare. If flying from Melbourne to Sydney, for example, it will cost you 8200 points plus $57. Originally published as Qantas slashes domestic fares with one million seats on sale