Latest news with #NationalCyberSecurityCoordinator
Sky News AU
4 days ago
- Business
- Sky News AU
Qantas reveals the massive extent of the data stolen in last week's cyber attack with about 1.3 million addresses leaked
At least 1.3 million addresses and 900,000 phone numbers were leaked in the massive Qantas cyber breach where 5.7 million pieces of unique customer data were stolen. Qantas on Wednesday released an update after the airline confirmed last week that many pieces of critical information were stolen. While the carrier said no credit card details, personal financial information or passport details were accessed, some personal information was leaked in the attack. The airline said 1.3 million addresses, which includes residential and business addresses alongside hotels for misplaced baggage delivery, were taken in the breach. The date of births for 1.1 million customers, alongside 900,000 phone numbers, the genders of 400,000 and the meal preferences of 10,000 were also leaked. At least 1.2 million customers' names and email addresses were taken, while another 2.8 million customers' name, email address and Qantas Frequent Flyer number were stolen. The majority of these had their tier list included while a smaller group had their points balance and status credit included. Qantas CEO Vanessa Hudson said the carrier is reaching out to impacted customers to alert them about the specific information that was leaked and is increasing security measures. 'Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened," Ms Hudson said 'We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.' Qantas first detected unusual activity on a third-party platform used by an airline contact centre last Monday. The airline said it took "immediate steps and contained the system" and assured customers all of the airline's systems remained secure. An investigation into the cyber incident is ongoing, and additional security measures are also being put in place to "further restrict access and strengthen system monitoring and detection".
Sky News AU
03-07-2025
- Sky News AU
Qantas explains password policy after cyber hack
Millions of Aussies have been impacted by the shock cyber hack on Qantas, which extracted sensitive customer data including names, emails, phone numbers, birth dates and frequent flyer numbers. But what happens now? Do you need to change your password? Qantas CEO Vanessa Hudson, in an email that started landing in the inboxes of impacted customers on Wednesday, says no. 'I want to reassure our Qantas frequent flyers that there's no requirement to reset your password or pin,' she writes. 'If you're having trouble accessing your account, reset your password or call the Qantas Frequent Flyer Service Centre.' Passwords, PIN numbers and log in details are still safe, Qantas says, because these were not accessed or compromised in the hack. The company also says the information extracted by the criminals is not enough to gain access to frequent flyer accounts. Further, all frequent flyer account by default have multi-factor authentication or two-factor authentication already enabled. A one-time password code sent to a registered mobile number of email is an example of this. All the same, you're free to update your password and login details any time you'd like. The hack happened at Qantas' Manila call centre. The criminals used a 'vishing' ploy, or voice phishing, to trick a call centre operator into helping them access to confidential information. The company has stressed there was no impact to its operations or the safety of the airline. 'We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,' Qantas said in a statement. 'An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers. 'Importantly, credit card details, personal financial information and passport details are not held in this system. 'No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.' Ms Hudson said the company was now working with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts. So what now? You don't need to change your password or PIN numbers, but is there anything else you need to do? Yes. Be alert over the next few days and weeks. Qantas recommends customers: – Remain alert for unusual communications claiming to be from Qantas – Be cautious of emails or call asking for personal information or passwords 'Remember, Qantas will never contact you requesting passwords, booking reference details or sensitive login information,' the company said. Software security company Norton, meanwhile, says the most crucial thing you can do to help protect your personal information is to practice 'safe password use'. 'Never reuse the same password on multiple websites,' the company says. 'Even if it's just two or three sites, it's still not a good idea. Once a cybercriminal obtains a cache of user credentials, they will then attempt to try them on other, well known websites, especially ones that are e-commerce, financial and medical related. Second, the company says you should always deploy 'strong passwords'. 'A password should be a random string of letters, numbers and special characters and must contain no less than eight characters (the more the better). 'But they don't really have to be 100 per cent random, it can still be memorable to you.' Further, the company recommends changing your password if you are the victim of a data breach. Originally published as Qantas updates customers on passwords in aftermath of cyber hack
1News
02-07-2025
- Business
- 1News
Data from up to six million Qantas customers stolen in cyber attack
Cyber criminals have gained access to "significant" data belonging to six million Qantas customers after hacking a call centre with records including customers' names, email addresses, phone numbers and birth dates. The airline on Wednesday confirmed the cyber incident on a third-party platform but assured customers the system had since been contained. Qantas first caught wind of the attack when it detected unusual activity on a third party platform used by a Qantas airline contact centre on Monday. "The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform," the company said in a statement. "There is no impact to Qantas' operations or the safety of the airline. ADVERTISEMENT "We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers." No credit card details, financial information or passport details were held in the system that had been compromised, Qantas said. It also said no frequent flyer account details, including passwords, PIN numbers or log-in details had been accessed. 1News asked Qantas whether any New Zealanders were affected and was told the "majority" of affected customers were in Australia. Qantas Group chief executive Vanessa Hudson said the company was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts. "We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously," she said. "We are contacting our customers today and our focus is on providing them with the necessary support." A dedicated customer support line had been established to provide customers with the latest information. — additional reporting by 1News.
Free Malaysia Today
02-07-2025
- Business
- Free Malaysia Today
Australian airline Qantas says hit by ‘significant' cyberattack
Qantas confirmed that no credit card or passport data was stored in the breached system, and operations remain unaffected. (AP pic) SYDNEY : Australian airline Qantas said Wednesday it was investigating a 'significant' cyberattack, after hackers infiltrated a system containing sensitive data on six million customers. Qantas said hackers had targeted one of its customer contact centres, breaching a computer system used by a third party. They had access to sensitive information such as customer names, email addresses, phone numbers and birthdays, the blue-chip Australian company said. 'There are 6 million customers that have service records in this platform,' the company said in a statement. 'We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.' Credit card details and passport numbers were not kept in the system, Qantas added. 'There is no impact to Qantas' operations or the safety of the airline.' Chief executive Vanessa Hudson said Qantas had notified Australia's National Cyber Security Coordinator. 'We sincerely apologise to our customers and we recognise the uncertainty this will cause,' she said. 'Our customers trust us with their personal information and we take that responsibility seriously.' Qantas apologised in 2024 after a glitch with its mobile app exposed some passengers' names and travel details. A string of major cyberattacks have in recent years raised concerns about the protection of Australians' personal data. Major ports handling 40% of Australia's freight trade ground to a halt in 2023 after hackers infiltrated computers belonging to operator DP World. Russia-based hackers in 2022 breached one of Australia's largest private health insurers, accessing the data of more than nine million current and former customers. The same year telecom company Optus suffered a data breach of similar magnitude in which the personal details of up to 9.8 million people were accessed.
