Australian airline Qantas has confirmed that it is the target of an extortion attempt following a cyberattack on June 30 that exposed sensitive customer data stored in a third-party contact center platform.

Details of the Breach

According to the company, cybercriminals gained unauthorized access to the third-party platform used by its customer service center, compromising service records of approximately 6 million customers. The exposed information includes names, email addresses, phone numbers, dates of birth, and frequent flyer membership numbers.

Importantly, the breach did not affect Qantas’ internal systems, and the airline’s flight operations remain unaffected.

No Financial or Identity Documents Compromised

In an update released on July 7, Qantas stated that there has been no further suspicious activity on the compromised system. The company assured that credit card details, passport numbers, and financial data were not involved in the breach. Furthermore, Qantas Frequent Flyer accounts remain intact and secure.

However, the threat actor has since reached out directly to Qantas, prompting the airline to involve the Australian Federal Police. Due to the ongoing criminal investigation, the company has declined to share further specifics regarding the extortion attempt.

Monitoring and Customer Communication

So far, Qantas has found no evidence that the stolen data has been leaked online. The airline continues to actively monitor the web for any signs of exposure.

Customers have already been contacted regarding the breach. An initial notice was sent to all Qantas Frequent Flyer members, followed by a message to all customers aged 15 and over. Impacted individuals will receive an additional update this week with specific details about the data compromised.

Ongoing Threat of Social Engineering

Qantas has issued a warning about potential scams following the breach. The airline has received reports of fraudsters impersonating Qantas representatives in attempts to extract sensitive information from customers through emails, texts, and phone calls.

“We urge customers to stay vigilant and to avoid sharing personal information, passwords, or booking references with unverified sources,” the company stated.

At Nubetia, we help organizations strengthen their cyber resilience and protect against growing threats like extortion and data breaches. Learn how we can help your business at nubetia.com.

Source: https://www.securityweek.com/qantas-hit-with-extortion-demand-after-data-breach/