Qantas Confirms Data Leak Affecting 5.7 Million Customers

Australian airline Qantas announced on October 1, 2023, that the data of approximately 5.7 million customers has been leaked online following a significant cyberattack earlier this year. This incident is part of a broader breach affecting multiple organizations, including major firms such as Disney, Google, and McDonald’s.

In July, Qantas confirmed that hackers had infiltrated one of its customer contact centers, compromising a system managed by a third party. The breach allowed unauthorized access to sensitive customer information, including names, email addresses, phone numbers, and birth dates. Notably, Qantas clarified that credit card details and passport numbers were not stored in the compromised system.

According to sources, the third-party company involved is Salesforce, which recently acknowledged facing “recent extortion attempts by threat actors.” In a statement, Qantas remarked, “With the help of specialist cybersecurity experts, we are investigating what data was part of the release.”

Legal Actions and Investigations Underway

To mitigate the situation, Qantas has secured a legal injunction from the Supreme Court of New South Wales. This injunction aims to prevent unauthorized access, viewing, release, or publication of the stolen data by any third parties. The airline stated that it is actively working with cybersecurity specialists to assess the extent of the breach.

Cybersecurity analysts have pointed to an alliance of cybercriminals known as Scattered Lapsus$ Hunters as being behind the hack. Research from Unit 42 indicates that this group has claimed responsibility for infiltrating Salesforce platforms to steal data and demand ransom. The hackers reportedly set an October 10 deadline for ransom payment.

Reports from the threat intelligence platform FalconFeeds suggest that the compromised customer data was posted on the dark web over the weekend. In addition to Qantas, other companies such as Vietnam Airlines, clothing giant Gap, and Japanese multinational Fujifilm have also experienced data leaks.

The breach appears to have employed social engineering tactics, a method where perpetrators manipulate victims by impersonating trusted individuals or representatives. As investigations continue, Qantas remains focused on addressing the fallout from this significant cybersecurity incident.

As the situation develops, Qantas will likely implement enhanced security measures to protect customer data and restore trust among its millions of clients.