Australian airline Qantas has confirmed it is being extorted following a recent cyberattack that may have exposed the personal data of up to 6 million customers.
The company disclosed the incident in an updated statement, revealing that a threat actor has made direct contact and is demanding a ransom.
“A potential cyber criminal has made contact, and we are currently working to validate this,” Qantas stated. The airline added that it has involved the Australian Federal Police and will not provide further public details due to the ongoing criminal investigation.
The breach was initially disclosed on July 1, after Qantas detected suspicious activity in a third-party system used by one of its contact centres. The compromised data includes customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Fortunately, no financial information, passwords, PINs, or passport details were affected, according to the airline.
Qantas is urging customers to remain vigilant against potential phishing attempts or scam emails leveraging the stolen data. The company emphasized that all legitimate emails will come from the qantas.com domain and warned it will never request sensitive information such as passwords or booking codes via email, text, or phone.
The cyberattack appears to be part of a broader campaign targeting the aviation sector, allegedly carried out by the Scattered Spider threat group. Known for their sophisticated social engineering tactics, the group has previously breached companies in the retail, insurance, and transportation sectors, including Marks & Spencer, Co-op, WestJet, and Hawaiian Airlines.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Qantas says it is working closely with cybersecurity experts as well as the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police to contain and investigate the breach.
