Qantas has confirmed that hackers responsible for stealing data from 5.7 million customers in July have now released the information.
According to The Guardian, the data was released to the dark web after Qantas – along with around 40 other companies impacted by the Salesforce breach – refused to meet the cybercriminal’s ransom deadline.
In a statement, the airline said it is working with cybersecurity experts to determine exactly what data has been made public.
“Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties,” Qantas said.
“We have also put in place additional security measures, increased training across our teams, and strengthened system monitoring and detection since the incident occurred.”
The majority of the compromised records included names, email addresses and Frequent Flyer details. A smaller portion of customers also had their business or home address, date of birth, phone number, gender or meal preferences exposed.
No credit card details, personal financial information or passport details were impacted. Qantas stressed there has been no impact to Frequent Flyer accounts, and that passwords, PINs and login details were not accessed or compromised. The stolen data alone is not sufficient to access customer accounts.
Qantas assures almost 6 million that there is no impact to QFF accounts, passwords, PINs or logins
