Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
"A potential cyber criminal has made contact, and we are currently working to validate this," Qantas shared in an updated statement.
"As this is a criminal matter, we have engaged the Australian Federal Police and won't be commenting any further on the details of the contact."
Qantas disclosed the attack on July 1st, stating it detected unusual activity in a third-party system used by one of its contact centres the day before. The breach exposed customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
However, Qantas says that no credit card or financial information, passport details, passwords, PINs, or login credentials were exposed in the breach.
Qantas is warning customers to be on the lookout for scams and phishing emails that may attempt to use the stolen data to steal further sensitive information. All legitimate emails from Qantas will be from the qantas.com domain.
Qantas also said it will never ask customers for passwords, ticket confirmation codes, or other sensitive information by phone, text, or email.
The Qantas breach is part of attacks targeting the aviation sector by threat actors linked to Scattered Spider. These threat actors are skilled at social engineering attacks used to gain initial access to corporate networks, commonly by tricking help desks and support vendors into resetting employees' passwords and MFA.
The threat actors behind these attacks first targeted the retail sector in April, with breaches on Marks & Spencer (M&S) and Co-op.
For M&S, the group gained access by impersonating an employee and convincing a service desk vendor to reset passwords and multi-factor authentication (MFA) protections.
... continue reading