The FBI reportedly warned US airlines that they were at risk of a cyber attack the day before Qantas revealed it had experienced a data breach. The FBI said hacking group Scattered Spider was attacking North American airlines, in a bid to steal data and launch ransomware attacks.
At this stage, Qantas has not said that Scattered Spider was behind the attack; however, it did reveal in an update that it will continue to work with specialist cybersecurity experts on a forensic analysis of the impacted system. It will also put security measures in place to further restrict access and strengthen system monitoring and detection.
The Manila call centre where the breach occurred also stores a significant amount of Qantas Business Rewards data, loyalty expert Adele Eliseo, publisher of The Champagne Mile, told Travel Weekly. Qantas has not clarified whether any of this data, along with status tiers and/or points balances and booking information for members, might have been disclosed, as it wasn’t listed in the fields Qantas said weren’t impacted.
But Qantas has reaffirmed:
- There has been no further threat activity in the system
- The system remains secure
- No credit card details, personal financial information or passport details were stored on this system and therefore were not accessed
- There is no impact to Qantas Frequent Flyer accounts
Qantas has not been contacted by anyone claiming to have the data. It is continuing to work with government authorities to investigate the incident.
Additional security measures include extra protections for Qantas Frequent Flyer accounts against unauthorised access, including requiring additional identification for account changes.
“We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers. Right now we’re focused on providing the answers and transparency they deserve,” Qantas Group chief executive officer Vanessa Hudson said.
“Our investigation is progressing well with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed.”
Customer communications
Qantas said that next week it will be in a position to update affected customers on the types of their personal data that were contained in the system. This will confirm specific data fields for each individual, which will vary from customer to customer.
“We’re finalising a process that will enable us to provide affected customers with more information about their personal information that was potentially compromised,” Hudson said.
“We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems. Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively.
“I want to apologise again for the uncertainty this has caused. We’re committed to keeping our affected customers informed with regular updates as our investigation progresses.”
Qantas has also increased resourcing in its contact centres to support customers and has received more than 5000 enquiries through its dedicated customer support line established following the cyber incident.
Since Wednesday morning, the airline has communicated directly with its frequent flyers to notify them of the incident and to apologise that this has occurred. Frequent flyers who have not received this email should check their spam or junk folder.
There was separate communication with around 6 million customers who had personal information within the impacted platform.
Advice to customers
Customers can contact Qantas's dedicated support line on 1800 971 541 or +61 2 8028 0534, which includes access to specialist identity protection advice and resources.
Qantas said it was also aware of reports of scammers impersonating the carrier.
“We recommend customers remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords,” it said.
Qantas said it never contacts customers requesting passwords, booking reference details or sensitive login information.
If customers do receive any suspicious emails, text messages or calls from someone purporting to be Qantas, they can report this via Qantas's dedicated support line or Scamwatch, or contact local authorities.
Frequent flyers
The airline said Qantas Frequent Flyers can continue to engage in the program and with partners as normal. Frequent flyer passwords, PIN numbers and login details were not accessed or compromised, but customers can update these details at any time.
The information accessed in the incident is not enough to gain access to frequent flyer accounts.
In addition, all frequent flyer accounts by default have multi-factor authentication or two-factor authentication already enabled. This could be a one-time password being sent to the registered mobile number or email, answering security questions or through the Authenticator App.
Loyalty expert Eliseo said the combination of Frequent Flyer data puts the points balances of millions of Australians at risk.
“Frequent flyer numbers are more than membership references,” she said. “They are the gateway to accessing points with tangible financial value, and when linked with personal information, they expose account holders to significant vulnerability.”
In recent years, a significant number of Australians have built large Qantas Frequent Flyer balances, with many members holding six-figure points totals.
“Since one Qantas Point can be worth up to five cents when redeemed for high-value flights, a member with 100,000 points – the equivalent of one credit card sign-up bonus – could be sitting on up to $5,000 in value.”
“Unfortunately, most people don’t treat their points as an asset and industry protections haven’t kept pace with the value Australians have built up in airline programs.”
Eliseo says frequent flyer numbers should be protected with the same care as a credit card number or other financial data, and that clearer consumer safeguards are needed.
What to do now
Eliseo said that while Qantas is expected to make contact with customers impacted by the breach, Qantas Frequent Flyer members with active points balances should take three steps to secure their account:
- Log in to check your points balance and activity regularly over the coming weeks and months. Contact Qantas directly if you spot anything unfamiliar
- Consider updating your PIN and ensure email and mobile numbers linked to two-factor authentication are up to date and secure
- Go directly to the Qantas website or app to access your account. Be cautious about clicking links in emails, texts or social media related to the breach, as scams are likely to increase following the breach
“Points are a financial asset. They deserve the same attention and protection you’d give to your bank account or super,” she said.
