Australian airline Qantas is notifying customers that their personal information may have been stolen in a cyberattack targeting one of its contact centers.
The incident, the country’s flag carrier says, was detected on June 30, after hackers accessed a third-party platform used by the call center.
While no Qantas systems were accessed and the airline’s operations have not been affected, the attackers managed to exfiltrate data from the compromised platform.
“There are 6 million customers that have service records on this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” the company announced.
Potentially compromised information includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers, it said. No credit card, financial, or passport information was stored on the platform.
“No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed,” Qantas said.
The airline says it immediately secured the compromised system, notified law enforcement and the relevant authorities, and started notifying customers of the incident. It also established a dedicated customer support line and a webpage to keep individuals informed.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously. We are contacting our customers today and our focus is on providing them with the necessary support,” Qantas Group CEO Vanessa Hudson said.
Qantas has not shared information on the attackers, but the incident occurred days after Alaska Air Group subsidiary Hawaiian Airlines disclosed a cyberattack and Mandiant warned that the infamous hacking group Scattered Spider is now targeting the airline and transportation sector.
“While Scattered Spider has a history of targeting global organizations including those in Australia, it’s too early to tell if they’ve expanded their current targeting to Australian airline organizations,” Mandiant Consulting CTO Charles Carmakal told SecurityWeek.
“Various threat actors use telephone-based social engineering to compromise organizations, including a financially-motivated threat actor we call UNC6040,” Carmakal added.
