Qantas Airways is notifying millions of customers that their personal information may have been compromised following a cyberattack on a third-party platform used by one of its contact centers.
The Australian flag carrier said the breach was detected on June 30 and involved unauthorized access to a system outside of Qantas' core infrastructure. While no Qantas systems were directly breached and flight operations remain unaffected, the airline confirmed that attackers accessed and exfiltrated data from the compromised platform.
The potentially exposed data includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. The airline said that no credit card details, financial information, or passport data were stored on the affected platform.
Qantas said that frequent flyer accounts remain secure and that login credentials, including passwords and PINs, were not compromised. In response to the breach, the company said it has secured the affected system, notified law enforcement and cybersecurity authorities, and begun reaching out to impacted individuals.
The breach comes just days after similar cybersecurity incidents affected Hawaiian Airlines and warnings from cybersecurity agencies that the cybercrime group known as ‘Scattered Spider’ has shifted focus to the airline and transportation sector. It’s not clear yet, whether the Qantas incident is the work of Scattered Spider.
