Qantas is being extorted in recent data-theft cyberattack
Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data of 6 million customers.
“A potential cyber criminal has made contact, and we are currently working to validate this,” Qantas shared in an updated statement.
“As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the details of the contact.”
Qantas disclosed the attack on July 1st, stating it detected unusual activity in a third-party system used by one of its contact centres the day before. The breach exposed customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
However, Qantas says that no credit card or financial information, passport details, passwords, PINs, or login credentials were exposed in the breach.
Qantas is warning customers to be on the lookout for scams and phishing emails that may attempt to use the stolen data to steal further sensitive information. All legitimate emails from Qantas will be from the qantas.com domain.
Qantas also said it will never ask customers for passwords, ticket confirmation codes, or other sensitive information by phone, text, or email.
The Qantas breach is part of a series of attacks on the aviation sector by threat actors linked to Scattered Spider. These threat actors are skilled at social engineering attacks used to gain initial access to corporate networks, commonly by tricking help desks and support vendors into resetting employees’ passwords and MFA.
The threat actors behind these attacks first targeted the retail sector in April, with breaches at Marks & Spencer (M&S) and Co-op.
For M&S, the group gained access by impersonating an employee and convincing a service desk vendor to reset passwords and multi-factor authentication (MFA) protections.
The group later shifted its focus to insurance companies, and more recently, the aviation and transportation industries, with attacks on WestJet and Hawaiian Airlines linked to the threat actors.
Qantas says it is working with cybersecurity experts and the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police to investigate the attack.
BleepingComputer contacted Qantas with further questions regarding the extortion and will update this article if we hear back.