Qantas Airlines announced the stolen data of more than 5 million customers was released Saturday from a cyberattack in July. Handout File Photo by Brent Winstone/EPA
A hacking collective released the stolen data of 5.7 million Qantas Airlines customers, as well as those of more than 40 companies around the world on Saturday after the deadline for ransom passed.
Qantas said the data stolen includes customer names, email addresses and frequent-flyer numbers. The amount taken varies between customers, and some included home and business addresses, birth dates, phone numbers, gender and meal preferences.
The hackers from the Scattered Lapsus$ Hunters collective targeted a call center in July that used a third-party customer service platform. Authorities investigating the attack have not released which other organizations were breached.
The airline said it has contacted customers to tell them what information of theirs had been released. The company is cooperating with Australian security agencies and has gotten a court injunction to prevent the stolen data from being “accessed, viewed, released, used, transmitted or published.”
Australian cybersecurity expert Troy Hunt said the injunction wasn’t likely to help much. He said these orders essentially just ask criminals not to publish stolen data. “It’s completely useless,” Hunt told the New York Times.
Customers should be extra careful of calls and emails from those claiming to be from Qantas, the Australian government has said. Hang up on the callers and call the company back directly.
“If you’re getting a call you’re not expecting, hang up; call back through the official line,” Tony Burke, cybersecurity minister, told The Guardian.
Qantas has said to follow Burke’s advice and make sure any emails from the company end in the official address -qantas.com or -qantas.com.au. If they end in .net or .biz, they are not legitimate.
