Latest news with #FrequentFlyer
Sky News AU
7 days ago
- Sky News AU
'All kinds of downstream attacks': Chilling warning after Qantas cyber attack breaches details of almost six million customers
A cyber security expert has warned data stolen in the cyber attack on Qantas could be used for 'all kinds of downstream attacks'. On Wednesday, Qantas confirmed 5.7 million customer records were impacted by the cyber incident, which resulted in 1.3 million addresses and 900,000 phone numbers being accessed. Customers have since started to receive follow-up emails outlining exactly what pieces of their personal details have been accessed. For some customers, the accessed data includes their name, email address and Qantas Frequent Flyer number. For other flyers, the cyberattack accessed their Qantas tier, points balance and status credits. UNSW cyber security expert Dr Hammond Pearce said people should be most wary of scam calls and phishing attacks when someone calls impersonating someone from a reputable company who appears to have your file open with your details. Dr Pearce said the scammers 'gain your trust' before setting you up for a 'downstream attack goal'. The cyber security expert said a 'healthy degree of skepticism' was vital to avoid such breaches and to verify the person on the other end of the line was who they said they were. Dr Pearce even suggested hanging up on a supposed Qantas call and calling back on the Qantas hotline to provide 'a bit more certainty' you were talking to a legitimate company employee. To counteract any cyberattacks or account hacks using passwords, Dr Pearce strongly suggested multi-factor authentication. 'This is something that we would encourage everyone to be using on every service that supports it,' he said. 'In terms of what you can do ... just have a healthy degree of skepticism when people cold call you.' Dr Pearce said Qantas would have an uphill battle in getting to the root of the attack as cyber-attackers had a wide-ranging arsenal of tricks. ' Cyber attackers have a lot of different tools in their arsenal to hide who they are. It can be quite tricky for (Qantas) to work out who's taken the data, where they've put it - has it been leaked?' he said. 'These are all questions that are notoriously difficult to answer. Yeah, they've got some hard work ahead of them.' Dr Pearce said a ransom situation was 'very difficult' as the circumstances indicated the Qantas data had been copied rather than stolen completely. 'The Australian government recommends never paying any kind of ransom for these kinds of situations because at the end of the day, you're only really going to encourage further cyber-criminal activity by doing so,' he said. The national carrier reassured customers that no credit card details, personal financial information or passport details were stolen. Qantas said there continues to be "no impact" to Qantas Frequent Flyer accounts, including PINs, passwords and login details. "The data that was compromised is not enough to gain access to these Frequent Flyer accounts," the airline said. Qantas Group CEO Vanessa Hudson said Qantas has put in place a "number of additional cyber security measures" to further protect customers data following the incident. "We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police," she said earlier on Wednesday. "I would like to thank the various agencies and the federal government for their continued support." Qantas first detected unusual activity on a third-party platform used by an airline contact centre last Monday.
Sky News AU
09-07-2025
- Business
- Sky News AU
'Confirmation of your details impacted': Qantas emails update to millions of Australians affected by cyber attack
Emails from Qantas informing passengers what elements of their personal data were accessed in the recent cyber attack have been sent to millions of Australians. Qantas on Wednesday confirmed 5.7 million customer records were impacted by the cyber incident, which resulted in 1.3 million addresses and 900,000 phone numbers being accessed. Customers have since started to receive follow-up emails outlining exactly what pieces of their personal details have been accessed. The email, titled "confirmation of your details impacted by the cyber incident", was sent on behalf of Qantas Group CEO Vanessa Hudson. "I am writing to provide you with an update on your data that was accessed as part of the recent cyber incident," the email began. Australians will receive slightly different emails based on what specific personal data was accessed. "I know this incident has been concerning and I am deeply sorry for the uncertainty this has caused," Ms Hudson continued. "Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed." The email then outlines to the customer what elements of their personal information was accessed, following an investigation by Qantas cyber security teams. For some customers, the accessed data includes their name, email address and Qantas Frequent Flyer number. For other flyers, the cyber attack accessed their Qantas tier, points balance and status credits. Qantas said there is "no evidence that any stolen personal data has been released" since the attack, but specialist cyber security experts will continue to monitor the situation. The national carrier reassured customers that no credit card details, personal financial information or passport details were stolen. Qantas said there continues to be "no impact" to Qantas Frequent Flyer accounts, including PINs, passwords and login details. "The data that was compromised is not enough to gain access to these Frequent Flyer accounts," the airline said. Earlier, the airline said about four million customer records that were impacted were limited to name, email address and Qantas Frequent Flyer details. Of that cohort, at least 1.2 million customers' names and email addresses were taken, while for another 2.8 million, their names, email address and Qantas Frequent Flyer number were stolen. The majority of the latter group also had their tier accessed, while a smaller selection had their points balance and status credits included. Of the remaining 1.7 million customers, 1.1 million had their date of birth taken and 900,000 had phone numbers accessed. The airline said 1.3 million addresses, which included residential and business addresses alongside hotels for misplaced baggage delivery, were taken in the breach. Qantas has urged customers to "remain vigilant to any misuse" of their personal information and be alert to scams. The airline has reminded customers that Qantas would never contact customers requesting passwords, booking reference details or any other sensitive information. Ms Hudson said Qantas has put in place a "number of additional cyber security measures" to further protect customers data following the incident. "We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police," she said earlier on Wednesday. "I would like to thank the various agencies and the federal government for their continued support." Qantas first detected unusual activity on a third-party platform used by an airline contact centre last Monday. Customers who believe they have been targeted by a scam should report it to Scamwatch, while Qantas flyers can contact its customer cyber support line on 1800 971 541 or 02 8028 0534.
News.com.au
09-07-2025
- Business
- News.com.au
Qantas begins updating customers on their personal data that was compromised
Qantas has revealed the number of customers impacted by the mass cyber incident, with millions to be contacted by the airline from today with specifics on what of their personal data was compromised. The national carrier confirmed a cyber criminal targeted a call centre, based in Manila in the Philippines and gained access to a third party customer servicing platform used by the airline. Customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers were stolen. Qantas CEO Vanessa Hudson said on Wednesday the airline's focus following incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible. 'From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services,' Ms Hudson said. The airline said after removing duplicate records, its investigation found that there were 5.7 million unique customers' data held in the system. Customers impacted will also be notified on how to protect themselves moving forward. The airline disclosed around 1.2 million customer records contained name and email address and 2.8 million customer records contained name, email address and Qantas Frequent Flyer number. 'The majority of these also had tier included. A smaller subset of these had points balance and status credits included,' the latest statement read. The airline noted of the remaining 1.7 million customers, their records included a combination of some of the data fields above and one or more of the following: – Address – 1.3 million. This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery. – Date of birth – 1.1 million – Phone number (mobile, landline and/or business) – 900,000 – Gender – 400,000. This is separate to other gender identifiers like name and salutation. – Meal preferences – 10,000 Ms Hudson said since the incident, they have put in place a number of additional cyber security measures 'to further protect our customers data, and are continuing to review what happened'. 'We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.' Meanwhile, the airline said in a statement on Monday that 'a potential cybercriminal has made contact' but it would not disclose if a ransom was being sought. 'As this is a criminal matter, we have engaged the Australian Federal Police and won't be commenting any further on the detail of the contact,' a Qantas spokesperson said. Qantas said it was working with cybersecurity experts 'to validate' the authenticity of the communication. 'There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor,' the airline said. The airline has reiterated personal information such as credit card, passport, and financial details were not stored in the system in question. 'There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and login details were not accessed or compromised. The data that was compromised is not enough to gain access to these frequent flyer accounts,' the airline said.
Herald Sun
09-07-2025
- Business
- Herald Sun
Qantas cyber hack proves it's time to get real about your points
Don't miss out on the headlines from Lifestyle. Followed categories will be added to My News. A lot has been happening with Qantas lately between a cyber incident and an upcoming points devaluation. Both serve as a timely reminder: your points are as valuable as cash. In the last week, Qantas confirmed it was the victim of a data breach impacting up to six million customers. The breach stemmed from unauthorised access to a third-party customer service platform used by one of its call centers in the Philippines. Compromised data includes full names, email addresses, phone numbers, dates of birth and frequent flyer membership numbers. Qantas has reassured members that credit card details, personal financial information and passport details are not held in this system. While some Frequent Flyer numbers were accessed, no Frequent Flyer accounts were compromised, nor have passwords, PINs or log in details been accessed. Your passwords weren't accessed in the breach, but your name, email and phone number could well have been. A few weeks before this incident, Qantas announced it is increasing the number of Frequent Flyer points required to secure a Classic Reward fare. Not uncommon among airline loyalty programs, this effectively moves the goalpost and requires more points for the same fare. As I woke up to news about the breach – and being points obsessed – my first instinct was to double check my points balance. Do you know your points balance? It made me wonder how many Frequent Flyers actually know their points balance. If any went missing, would you know about it? How often do you check your Woolies grocery runs are trickling in? What are your plans for your points? If you have to think about the answer to all of these questions, it's time to pay more attention. Hackers treat them like currency and it's time you did too. Here's how to protect your balance. Monitor your points like you would your bank account Frequent flyer points are as good as cash. Every month, log in and check everything is in order. If your points are auto converting from BP Rewards or Everyday Rewards, check they are landing. If something doesn't look right, report it immediately via the Qantas support line. Be aware of scams Scammers are likely to ride the coattails of the breach and send phishing emails or texts that look like they are from Qantas. Avoid clicking links in messages and double check the sender's email. Instead, call or go to the Qantas website to verify any communication. If you're worried about the breach, keep an eye out from scammers pretending to be Qantas, and set up two factor authentication on your account. Use unique and strong passwords Qantas123 as a password doesn't cut it. While passwords and PINs weren't compromised, and Qantas reassures members there's no need to change either of them, it is a good reminder to make sure you are using strong and unique passwords. If you haven't already, set up Two-Factor Authentication (2FA) on your Qantas Frequent Flyer by logging into your account. Have a plan for your points If you've been hoarding points without a goal, it's time to rethink that. Your points have no value until you cash them in. And as of August 5, just like a foreign currency can suddenly lose value, their buying power is about to drop. Whether it's a flight redemption or an upgrade to business, make a plan for your points and make them work for you! See also: Points Guru: Can I sell my Qantas frequent flyer points? Concerned about your information? All impacted customers over the age of 15 were notified over email – be sure to check your junk or spam folder in case it landed there. Qantas members can contact the airline's dedicated support line on 1800 971 541 or +61 2 8028 0534. Impacted members will have access to specialist identity protection advice and resources through this team. Originally published as Qantas cyber hack proves it's time to get real about your points
Perth Now
09-07-2025
- Business
- Perth Now
Major update after Qantas cyber attack
Qantas has provided an update after a cyber hack impacted millions of customers. The airline was hit by a data breach at one of its call centres on June 30. Qantas has begun updating customers on compromised personal data and progressed in its forensic analysis of the customer data stolen in the attack. The airline found that 5.7 million accounts were compromised, with specific data fields varying from customer to customer. Qantas confirmed no personal details and financial information were stolen in the attack. NewsWire / Luis Enrique Ascui Credit: News Corp Australia However, the airline confirmed there was 'no evidence' that personal data stolen in the cyber hack has been released publicly; however, the company said it would 'continue to actively monitor' the hack with the help of cybersecurity experts. No credit card details, personal financial information or passport details were stored in the system that was hacked and 'therefore have not been accessed', the airline said. 'There continues to be no impact to Qantas Frequent Flyer accounts,' they said. 'Passwords, PINs and login details were not accessed or compromised. The data that was compromised is not enough to gain access to these frequent flyer accounts.' The airline is beginning the process of contacting customers. NewsWire / Ben Clark Credit: News Corp Australia The analysis of the data stored found that about four million customer records were limited to name, email address and Qantas Frequent Flyer details. Of these, 1.2 million customer records contained their name and email address, and 2.8 million records featured a customer's name, email address and Qantas Frequent Flyer number. Qantas chief executive Vanessa Hudson said the airline was starting the process of contacting the 5.7 million affected customers. NewsWire / Luis Enrique Ascui Credit: News Corp Australia Chief executive Vanessa Hudson said Qantas was starting the process of reaching out to affected customers. 'Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,' she said. 'From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services. 'Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data and are continuing to review what happened. 'We remain in constant contact with the National Cyber Security Co-ordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the federal government for their continued support.'
