Australia's Qantas confirms cyber incident at contact centre, customer data exposed
The company said the breach occurred when a cybercriminal targeted a call centre and accessed a third-party customer servicing platform.
Qantas said the platform contains around six million customers with service records, but did not mention whether the accounts were also based outside Australia.
The initial review confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers, however, financial information such as credit card details, and separately, passport details are not held in the affected system.
"We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant," Qantas said in a statement.
"No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed," it added.
The airline said that the system is currently contained, with no effect on its operations or the safety of the airline.
The company has also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, along with alerting the Australian Federal Police, "given the criminal nature of this incident."
The Australian Federation of Pilots, Australian Cyber Security Centre and Office of the Australian Information Commissioner did not immediately respond to Reuters' request for comments on the matter.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNA
5 hours ago
- CNA
Australian police accuse Chinese woman of spying on Buddhist group in Canberra
Australian police have charged a Chinese woman with foreign interference, accusing her of spying on a Buddhist group in Canberra. Roger Maynard reports.
CNA
6 hours ago
- CNA
Lions hooker Sheehan handed four-match ban over Lynagh foul
British & Irish Lions hooker Dan Sheehan has been handed a four-match suspension, which can be reduced to three by completing a coaching intervention, for a foul on Australia fly half Tom Lynagh in the third test in Sydney, World Rugby said on Monday. Sheehan is set to be ruled out of his club Leinster's pre-season game with Cardiff and their United Rugby Championship matches against Stormers and Sharks in September and October. He will also miss the game against Munster on October 18 if he fails to successfully complete the coaching intervention. Lynagh had failed a head injury assessment and was unable to continue after an apparent hit from Sheehan's elbow, as the Lions suffered their only loss of the nine-match tour of Australia on Saturday. Sheehan, who had initially denied any foul play, has accepted the suspension given to him by an independent foul play review committee, World Rugby said in a statement. "In determining foul play, the committee found that Sheehan's actions were reckless. The committee found that he made head contact with the Australian player, that his action amounted to a high degree of danger and that no mitigation applied," World Rugby added.
CNA
3 days ago
- CNA
147,000 customer records affected following data breach at Cycle & Carriage
SINGAPORE: A breach at Cycle & Carriage's database has affected about 147,000 records containing customer information, the car distributor said on Friday (Aug 1). In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information. "About 147,000 data records are affected. Most of the downloaded records have missing or partial information," added the spokesperson. The affected data records may contain names and contact information - such as email addresses and phone numbers - with about 2 per cent of them containing National Registration Identity Card (NRIC) numbers and deposit amounts. No banking or credit card information was divulged, the spokesperson said. "Once we became aware of the incident, we have taken measures to prevent further unauthorised access to the system. "A thorough investigation was carried out and forensic experts were activated to look into the possible causes of this unauthorised access," the spokesperson added. Apologising to affected customers, Cycle & Carriage said that the company has internal processes, protocols, and training in place to support data governance and cyber hygiene, but will continue to "review and refine these as needed" in light of the incident. The firm has lodged a police report and notified the Personal Data Protection Commission (PDPC). It has also begun to inform affected customers in batches from Wednesday. In an email sent to a customer on Thursday, which CNA has seen, the firm referred to a "cybersecurity incident" and added that it was still investigating the full scope of the breach. Customers were advised to be cautious of phishing activities or suspicious requests for personal information.
