Qantas says cyberattack affected 5.7 million customers

Qantas confirmed Wednesday that a cyberattack on one of its vendors affected 5.7 million passengers.

“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Qantas Group CEO Vanessa Hudson said in a statement. 

Hudson said the airline is reaching out to customers to notify them about the specific data held in the compromised systems and to give them advice on the additional support services available to them.

The airline said the database stored approximately four million passengers’ names and email addresses, with 2.8 million of those records also including people’s frequent-flyer numbers. The other 1.7 million compromised records included some combination of date of birth, phone numbers, gender and meal preferences.

Qantas officials reiterated their assurance that the hackers did not access any credit card numbers, passport data or other sensitive personal or financial information. There is also no evidence that the intruders have leaked any of the stolen data online.

The airline is warning passengers to beware of any calls or messages from people claiming to represent Qantas, as they are likely fraudulent. 

Qantas said it has taken several steps to enhance its own internal security to prevent a similar attack from happening again.

The breach, which the airline disclosed earlier this month, comes amid a widening attack spree linked to the Scattered Spider cybercrime group. 

It is possible, however, that Scattered Spider may not be directly responsible for the attack. Security researchers told Cybersecurity Dive that it might instead be the work of affiliated threat groups engaged in similar social-engineering attacks.

A threat group dubbed UNC6040 has been targeting Salesforce instances to launch social-engineering attacks and engage in extortion, researchers at Mandiant said in June. There are overlaps between this group and The Com, the underground collective with ties to Scattered Spider. Salesforce first warned about these attacks in March.

Qantas has not publicly attributed the attack to any threat actor.
