Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data.
Qantas is Australia's largest airline, operating domestic and international flights across six continents and employing around 24,000 people.
In a press release issued Monday night, the airline states that the attack has been contained, but a "significant" amount of data is believed to have been stolen. The breach began after a threat actor targeted a Qantas call centre and gained access to a third-party customer servicing platform.
"On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure," Qantas stated.
"There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers."
Qantas says no credit card or personal financial information was exposed, and frequent flyer account passwords, PINs, and login details were not impacted.
After detecting the breach, Qantas says it notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. It's unclear if external cybersecurity experts are assisting with the investigation.
Scattered Spider attacks target aviation firms
This attack comes as cybersecurity firms warn that hackers known as "Scattered Spider" have begun targeting the aviation and transportation industries.
While it is unclear if this group is behind the Qantas attack, BleepingComputer has learned the incident shares similarities with other recent attacks by the threat actors.
... continue reading