‘I dropped everything': Qantas boss clears the air on cyberattack
Ten days ago, while holidaying with her family in Greece, Hudson received the call from a senior executive holding down the fort in Australia. It was an early morning call for Hudson, and the news was grim.
Qantas' system had been breached by cybercriminals. It was the first crisis under Hudson's watch, and her holiday was over as round the clock management of the crisis kicked in.
The data breach was bad enough, but how Qantas would handle the situation was a key object of interest for customers, the media, the government and the airline's board. To say nothing of the elites – from the likes of the prime minister to the chairman of BHP – given some members of the Chairman's Lounge had their details stolen.
A response team was quickly assembled, with members from the IT, Frequent Flyers, communications and government relations divisions all pitching in. For the next 72 hours, Hudson held a series of meetings with the response team, the board and the government, including the federal Transport Minister, Catherine King.
'As soon as I was contacted I dropped everything, this was 100 per cent of my focus – responding to the team,' Hudson said.
In the early hours of the drama, what had been stolen and how many and which customers had fallen victim wasn't known. She said that in the first 24 hours, the first and most immediate task, was to secure the system and lock out the cybercriminals.
Once done, the next task was to access what information was contained in the breached system and which customers were affected.
From the Qantas customer management perspective it was equally important to find out what information wasn't compromised. Luckily hackers had stolen no passport or credit card details, but addresses, phone numbers and frequent flyer numbers of millions of customers were now in a criminal database.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Sydney Morning Herald
5 days ago
- Sydney Morning Herald
Cyber criminals threaten to leak Qantas customer database
The group responsible for the Qantas data breach in June that exposed the details of 5.7 million customers has threatened to leak the entire trove of stolen data unless it can find a buyer willing to pay $1 million. A message on an encrypted messaging app, also posted to the 'Dark Web', is warning that the data will be leaked 'starting with [judges and officers]' unless a buyer pays $1 million first. 'If you are interested in buying the Qantas database, then contact us ... otherwise we will leak the entire database starting with … judges and officers first,' the message reads. 'Payment is required before data is published, overall!' Qantas said the recent cyber threats were related to the June data breach and that it believes the same cyber criminal group has been posting threats against multiple companies. Two weeks after the data theft, Qantas sought and received an injunction from the NSW Supreme Court to 'prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties'. At the time, the company said it wanted 'to do all we can to protect our customers' personal information and believe this was an important next course of action'. Since the June data breach of Qantas, some cybersecurity researchers have come to believe a second, but a related criminal group may be involved. The groups are highly fluid, share infrastructure and often impersonate each other which can make attribution difficult.
The Age
5 days ago
- The Age
Cyber criminals threaten to leak Qantas customer database
The group responsible for the Qantas data breach in June that exposed the details of 5.7 million customers has threatened to leak the entire trove of stolen data unless it can find a buyer willing to pay $1 million. A message on an encrypted messaging app, also posted to the 'Dark Web', is warning that the data will be leaked 'starting with [judges and officers]' unless a buyer pays $1 million first. 'If you are interested in buying the Qantas database, then contact us ... otherwise we will leak the entire database starting with … judges and officers first,' the message reads. 'Payment is required before data is published, overall!' Qantas said the recent cyber threats were related to the June data breach and that it believes the same cyber criminal group has been posting threats against multiple companies. Two weeks after the data theft, Qantas sought and received an injunction from the NSW Supreme Court to 'prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties'. At the time, the company said it wanted 'to do all we can to protect our customers' personal information and believe this was an important next course of action'. Since the June data breach of Qantas, some cybersecurity researchers have come to believe a second, but a related criminal group may be involved. The groups are highly fluid, share infrastructure and often impersonate each other which can make attribution difficult.
The Age
08-08-2025
- The Age
Qantas told us our flight home from the US was cancelled. It wasn't
Hanging offence My partner and I were travelling on Qantas QF12 recently from Los Angeles to Sydney. We received an email from Qantas advising us that our Thursday night flight was delayed to the Friday at 9.40pm. The thing was, we weren't booked on the Thursday flight – we were booked on the Friday flight at 11.10pm. I tried to ring Qantas in Australia twice but the call centre just disconnected my call. I then called the call centre in the US; I was on hold for 45 minutes and then was disconnected. Meanwhile, we called our travel agent in Sydney, and she was on hold with Qantas for 143 minutes before they answered. She was told the email we were sent was a mistake and we were still booked on the Friday flight. It took Qantas over three-and-a-half hours to get back to us. Mark Wheeler, Putney, NSW Credit due In May this year, I booked flights for my son and myself for Sydney–Melbourne return. I was ultimately unable to travel but was loath to cancel my part of the booking in case the entire booking was cancelled (there was just the one booking reference). As soon as check-in opened, my son checked in and I phoned Qantas to say I wasn't travelling and could I have a credit for the flight. As I had phoned just less than 24 hours before travelling, this was denied. My son, who lives in Spain and is here visiting for a few weeks, informed me that the flight was full, including the seat where I was supposed to be travelling. The phrase 'daylight robbery' comes to mind. Carey Nolan, Cremorne, NSW
