Australian airline Qantas has disclosed a cyber attack that ended in the customer information of nearly six million customers stolen. The attack wasn’t targeted at Qantas directly, instead targeting a third-party platform used by a Qantas contact centre.
In an announcement confirming the attack on its website, Qantas has claimed that its systems operations and airline safety remain unaffected. The targeted platform hosted service records of the six million affected customers. The airline is still investigating the total amount of data stolen but expects it to be significant.
At the moment, an initial review confirmed the following data has been stolen:
- Full name and birthday
- Email address
- Phone number
- Frequent flyer number
More importantly, no credit card details, personal financial information, or passport details were held in the system and hence weren’t stolen. Additionally, frequent flyer accounts weren’t compromised, meaning passwords, PINs, and login credentials are safe.
A lot of technical details, including the name of the affected platform aren’t present in Qantas’ announcement. However, attacking a larger corporation by hacking smaller, third-party services used by them is a popular tactic employed by ransomware groups to steal and extract data from target systems.
The Register reports that the airline is a known user of Salesforce and Genesys platforms that are often used in call centers. However, both vendors don’t seem to be having any issues and haven’t disclosed any major infrastructure attacks or disruptions lately, suggesting that another, smaller tool was targeted for this breach.
Candid.Technology hasn’t seen any major ransomware groups claiming responsibility for the attack at the time of writing. However, in case this turns out to be an attempted ransomware attack, it’ll take a while before negotiations break down and the ransomware operators behind the attack decide to publicly release the stolen data.
In the News: Hackers caught weaponising Vercel’s AI tool to create phishing pages
