
In an alarming development, Australian airline Qantas has confirmed a significant data breach that has jeopardized the personal information of up to six million customers. This breach came to light following a cyberattack on a third-party customer service platform linked to a call center based in Manila, Philippines.
The cyber intrusion, detected on June 30, involved a sophisticated form of voice phishing known as vishing, where malicious actors masquerade as trusted entities over phone calls to extract sensitive information from unsuspecting victims.
The compromised customer service platform housed a trove of personal data, including customers’ names, email addresses, phone numbers, birthdates, and frequent flyer numbers. However, Qantas has reassured customers that no financial information, credit card details, or passports were stored within the affected system. Additionally, the integrity of frequent flyer account credentials, passwords, and PINs remains intact.
Operations and flight safety have not been compromised, as the airline emphasized. In response to this breach, Qantas has notified Australian intelligence agencies, including the Australian Cyber Security Centre, and law enforcement agencies such as the Australian Federal Police. The Office of the Australian Information Commissioner has also been apprised of the situation.
To bolster customer assurance, the airline has initiated a comprehensive investigation and established a dedicated support line and website to keep affected customers updated. Those impacted will receive direct communication from the company.
Qantas Group CEO Vanessa Hudson publicly addressed the situation, offering an apology to customers. “Our customers trust us with their personal information, and we take that responsibility seriously. We are contacting them directly and offering necessary support,” Hudson stated. It’s clear that trust, once broken, can be harder to mend than a wing on a seasoned aircraft.
What was the cause of the Qantas data breach?
The breach stemmed from a cyberattack on a third-party customer service platform in the Philippines, involving a voice phishing scheme known as vishing.
What type of personal information was compromised in the breach?
The exposed information included customers’ names, emails, phone numbers, birthdates, and frequent flyer numbers, but no financial data or passwords were at risk.
How is Qantas responding to the breach?
Qantas has launched a full investigation and established a support line for customers while notifying relevant authorities and directly contacting affected individuals.