Qantas's two-day hack delay fuels customer scam fears

The Advertiser, 7 hours ago
Millions of customers could already have been targeted by scammers in the two days it took Qantas to share details of a major cyber attack, an expert has warned.
And there might be further attempts by malicious actors to hit Australia's biggest airline now that a vulnerability has been exposed.
The airline announced on Wednesday that a third-party system used by an offshore call centre had been attacked two days earlier.
The hack potentially compromised the names, dates of birth, email addresses and frequent flyer numbers of six million customers, although their financial information remained secure, Qantas said.
But a cybersecurity expert said the 48-hour delay in telling customers there had been an attack might have left millions vulnerable to scam attempts.
"That second round can be a lot more powerful than the first breach and then there is the risk of customers not knowing to be alert to any emails or phone calls from Qantas as suspicious," La Trobe University's Daswin De Silva told AAP.
"These emails can be sent very quickly ... phishing or other impersonation attacks could have happened in those 48 hours."
Qantas representatives should come forward and explain why there was a 48-hour delay in notifying customers of the scam risk, Professor De Silva added.
He speculated the delay was likely due to Qantas figuring out whether other systems had been compromised and deploying security measures to dispel the cyber criminals.
Qantas confirmed that scammers were already impersonating the airline in the wake of the attack and told customers to be vigilant.
The airline has been contacted for comment about the notification delay.
The company on Friday provided an update confirming that credit card details, personal financial information, passport details and Qantas Frequent Flyer accounts were not exposed.
However, customers will have to wait several days longer for an individual update on which personal details were compromised due to the hack.
"I want to apologise again for the uncertainty this has caused," chief executive Vanessa Hudson said.
"We're committed to keeping our affected customers informed with regular updates as our investigation progresses."
Qantas, which has been working with government authorities to investigate the incident, said there has been no further threat to its systems and additional security measures have been put in place.
Australian Federal Police confirmed they were investigating and the airline had been "highly engaged" with authorities.
Qantas has remained tight-lipped about who it believes is behind the attack and no cyber criminal groups have taken responsibility.
But Prof De Silva said this could be an ominous sign of more cyber strikes to come for the airline now that criminals have found a vulnerability.
"Once you figure out a weak spot, they try to exploit it to the maximum," he said.
Multiple cyber experts believe the group responsible is called Scattered Spider, a cabal of young cyber criminals living in the US and the UK.
The US Federal Bureau of Investigation recently warned that the group was targeting the airline sector by impersonating legitimate users to bypass multi-factor authentication and access systems.
Prof De Silva said Scattered Spider was a financially motivated group that did not obtain credit card details or other "valuable" information in the attack.
"They might be planning further attacks that gets them to their objective because obviously they want to see their effort fulfilled," he said.
Qantas has added security measures for its frequent flyer accounts, including requiring extra identification for any changes.
Since the attack was revealed, Qantas has received more than 5000 customer inquiries.
Legal experts suggest the incident could lead to a class action against Qantas after compensation claims were made against Optus and Medibank following major breaches in 2022.

Related Articles

Herd on the Terrace: Roger Cook might be walking on a nightmare with 'Made in WA' pledge

West Australian, 3 hours ago

The Bull has been pondering whether Roger Cook is walking into a nightmare thanks to his government's obsession with making stuff in WA. Cook was out of the frying pan and into the fire this week after revelations the next Tourism WA advertising campaign will be partly produced on the east coast.

Procuring elaborate visuals of flying whale sharks from elsewhere would ordinarily not be especially unusual, given Western Australia has three million people and a reasonably small film industry. But the government has walked (on a dream) into a locally-built mess given 'Made in WA' was their flagship pledge in a thumping March State Election victory.

When mission-critical manufacturing jobs including buses, power line towers and batteries must be assembled in the State — at great expense — artists would be fair enough to ask why there are no such requirements for creative work. Then where does it end? Stand down, BHP's fly-in, fly-out work force, Rita Saffioti wants you in Neerabup slapping together over-priced refrigerators. Petroleum engineer? Not any more! Off to Bellevue to join local procurement champions Alstom.

The French company will bank $1.4 billion to make the new Metronet C-Series rail cars in India, ship them to Perth, and add a few highly uncomfortable seats in a warehouse. Hope you know how to hold a welding torch! The new trains are a true tribute to globalisation, although the local union movement would never admit that. When 'Made in WA' is your biggest promise, it becomes the metric by which every decision will be judged. We may have a shortage of workers in WA but there's never a deficit of political over-commitment.

Just when you thought the so-called national carrier was cleared for reputational take-off, cyber criminals have aimed their keyboards at Qantas. Close to six million Australians were in fear that their frequent flyer points had been siphoned off to Nigeria this week when the Flying Kangaroo revealed a major data breach. Thankfully, the government-protected airline promised customers 'no frequent flyer accounts were compromised', just personal identity details. All good then! Why bother stealing all those hard-earned points anyway, given they would probably expire before arrival. The hackers are as yet unknown but The Bull expects they will soon release the membership list of Qantas' infamous Chairman's Lounge as proof of life. When director Todd Sampson — who parachutes off the board at the end of the month — hosted the 2016-2020 TV show Body Hack, we can only assume Qantas did not intend the title to be taken literally. We hope Todd can imitate Liam Neeson and personally track down Australia's Taken passport details.

Recent openings in two of WA's top lobbying jobs will mean anyone who's ever been in a photo with the Artful Roger will want to put their hands up for the prized positions. Plenty of eyes are on Association of Mining and Exploration Companies boss Warren Pearce as a top option to replace Chamber of Minerals and Energy chief Rebecca Tomkinson when she jets off to a lucrative London trade gig. Also hunting for new hires will be the Chamber of Commerce and Industry WA, thanks to the swift departure of fly-in, fly-out boss Peter Cock after just four months. A tenacious orator, Pearce made a name for himself for scoring tax production credits (or taxpayer handouts, depending on your persuasion) for the State's critical minerals battlers, and is regarded as a tactful treader between business and government. The CME job requires ensuring powerful members — such as Rio Tinto and BHP — have their needs heard loud and clear at the cabinet table. And we wouldn't want these multibillion-dollar multinationals left without a voice. Alas, word is the lobbyist has actually started to turn a shade of cerulean denying his interest in the role, and is dead set on staying put . . . really.

Qantas CEO Vanessa Hudson regret over Scattered Spider cyber attack

Herald Sun, 3 hours ago

A cyber attack was the furthest thing from Vanessa Hudson's mind, as she enjoyed her annual leave far away from New South Wales' 'bomb cyclone' for the heatwave of Europe. But that quickly changed on Monday after a phone call from a fellow executive telling the Qantas CEO 'suspicious activity' was detected on a database where the details of six million customers were stored.

'As soon as I heard the breach had happened, I stopped everything I was doing and I connected with the team and was leading our response,' said Ms Hudson from London. 'All our focus was understanding what occurred, and the time gap between communicating to customers was so we could advise with 100 per cent confidence that no passport details had been breached, no credit card numbers and the Frequent Flyer system was completely secure.'

A statement to the ASX and the media was released Wednesday morning, outlining the attack had accessed customers' names, birthdates, phone numbers, email addresses and loyalty numbers — enough information to cause anxiety for the millions affected. What made it worse was the US Federal Bureau of Investigation had issued a warning three days beforehand that hacker group Scattered Spider was targeting the aviation community, with attacks on WestJet and Hawaiian Airlines. Ms Hudson said that warning had been communicated by Qantas to its call centres on Friday June 27 — apparently to no avail.

'Unfortunately the cyber criminal in this instance was able to gain access to what is a customer service platform and that was following an interaction with a call centre operator (in Manila),' she said. 'I'm sure you would appreciate that we really do want to avoid further action by other cyber criminals so I have felt that it's important not to provide a lot more of the specificities around what's occurred.'

While she does not want to attribute blame, various cyber experts have highlighted striking similarities between Scattered Spider's MO and the Qantas infiltration. The criminal organisation is believed to have evolved from a group of young people trading secrets on social media for how to cheat playing video games, to something much more sinister.

'The group is notorious for targeting large enterprises — often by exploiting IT help desks via social engineering,' said Rapid7 senior director of threat analytics Christiaan Beek. 'Their end goals are typically data theft and extortion. In some intrusions, they have partnered with or acted as affiliates of ransomware gangs.'

Unlike the Medibank cyber attack in late 2022 which was attributed to Russia's Aleksandr Ermakov, Scattered Spider's members came from the US, UK and Canada. Okta's Brett Winterford said the group is not only motivated by profit but the 'desire to score a big win that impressed their peers'.

Only last month, Scattered Spider targeted retailers including North Face, Cartier and Victoria's Secret, following on from a spate of attacks on UK retailers Harrods, Marks & Spencer and Co-op. US insurers including Aflac, Erie Indemnity and Philadelphia Insurance have also been under siege from the group — all hit in what appeared to be co-ordinated attacks during a five day period last month.

As yet Qantas has received no ransom demand, nor has the stolen information been shopped for sale on the dark web. But that's not to say the 6 million individuals caught up in the attack are in the clear — and Ms Hudson stressed that vigilance was critical. 'That is obviously the reason why we acted so quickly and so transparently with our customers,' she said.

Within hours of the suspicious activity being confirmed on Monday, Ms Hudson said she notified her chair, John Mullen, and the government. 'We are continuing to work really effectively with the government cyber teams and also the AFP because this is a criminal matter,' she said.

Experts agreed that Qantas customers risk being targeted by follow-on social engineering attacks. This includes potential credential stuffing – the same method hackers used earlier this year to siphon hundreds of thousands of dollars of retirement savings from Australian industry super funds.

Ms Hudson described her 'concern and great regret' the attack had occurred, but she said Qantas' response would help the airline's mission rebuilding trust. 'Trust is something that has to be earned both in the good times and also in the hard times and I think in the hard times in this context and where we're at, the way in which you continue to support customers being transparent with them, being open and being supportive goes to an important part of customers' understanding that we're focused on them, even in the hard times,' she said.

Customers were reassured Qantas' systems were now secure, with more details of the extent of the data breach for individual customers expected next week. Until then Ms Hudson encouraged customers to visit the Q&A on the website and app, and call the customer support line. 'I mean this is an increasing global threat for organisations and for all of us in the modern digital world and we have to learn from these events,' she said.

Originally published as Qantas CEO's 'great regret' over cyber attack on customer database storing personal details

Qantas CEO apologises following data breach

Sky News AU, 6 hours ago

Qantas CEO Vanessa Hudson has spoken out after the data of millions of customers was exposed in a cyberattack this week. Hackers targeted a third-party platform used by the airline's call centres, leaking personal details including names, phone numbers and email addresses. Some legal experts suggest that the incident could lead to a class action lawsuit, following major breaches by Optus and Medicare in 2022. Airlines are being warned to implement proactive, multi-layered security approaches as the aviation industry continues to be targeted by cyberattacks.
