Article Details

Qantas begins telling some customers that mystery attackers have their home address. Plus: Confirms less serious data points like meal preferences also leaked. Qantas says that when cybercrooks attacked a "third party platform" used by the airline's contact center systems, they accessed the personal information and frequent flyer numbers of the "majority" of the circa 5.7 million people affected. Customers aged 15 and above will be notified directly of exactly how their data was impacted by the attack... The Aussie airline said today this personal information includes names and/or email addresses, and warned frequent flyer numbers, customer tiers, status credits, and points balances might also be compromised. In a "minority" of the total number of cases – reportedly up to one million people – other data points were also revealed. These include:  No doubt hoping to mitigate worries about exposing physical addresses, the airline said its investigations showed that many of these were years old and potentially outdated, while others were only partially completed (postcodes only). Qantas told Reuters that of the 5.7 million customers affected by its break-in, the name, phone number, and/or physical address of around 1 million was accessed by the crooks, while for the bulk of the customers – 4 million – "only" their name and email address was accessed. Number trouble If you're wondering why the number of affected individuals is now 5.7 million compared the our previously reported 6 million, there's an explanation for that. Qantas said it originally understood that 6 million was the magic number but upon review, duplicate records were skewing the total upward, leaving a final 5.7 million. As for the remaining 700k, The Register asked the airline about that, but it did not immediately respond. Customers aged 15 and above will be notified directly of exactly how their data was impacted by the attack, Qantas said.  Those signed up to the airline's frequent flyer program will also be able to view their affected data types via their account page as part of a new feature to be launched later this week. Qantas assured those due to travel on its flights that they do not need to do anything differently, but warned those affected to be extra vigilant against scams, phishing attempts, and the like. "We have increased resourcing in our contact centers and have a dedicated support line to support our customers," its website states. "Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorized access, including requiring additional identification for account changes." The airline added that it is not aware of crooks releasing customer data on the dark web, but is actively monitoring to see if that changes. Qantas has not confirmed what kind of attack this was, whether it was a pure-play data grab or if ransomware and/or extortion were involved. On its FAQ page, it said its IT systems are safe to use: "We took immediate steps and contained the system, and Qantas systems remain secure." Nothing is confirmed with regards to who was behind the attack, but the breakin at Qantas followed similar raids at other airlines such as Hawaiian and WestJet, prompting experts to issue warnings about Scattered Spider's apparent change in tack.