Qantas cyber hack could have stolen ‘significant' amount of data from six million customers
The hack penetrated a third-party customer service platform used by a Qantas contact center, the airline said in a statement on Wednesday. Six million customers have service records on the platform – with data including some of their names, email addresses, phone numbers, birth dates and frequent flyer numbers.
However, the platform does not contain any customer credit card details, financial information or passport details, Qantas said.
After Qantas detected 'unusual activity' on the platform, it took action and 'contained' the system, it said. The statement said all Qantas systems are now secure, and there is no impact to the company's operations or safety.
It's not clear exactly how much data was stolen, 'though we expect it to be significant,' the airline said. It is now working to support affected customers, and is cooperating with the Australian Cyber Security Centre, Australian Federal Police and independent cybersecurity experts on the investigation.
'We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,' said Qantas CEO Vanessa Hudson in the statement.
'We are contacting our customers today and our focus is on providing them with the necessary support.'
Qantas' share price was down 3.5% in morning trading, against a 0.4% gain in the broader market, according to Reuters.
Australia has seen a series of major cyberattacks and company hacks in recent years. In 2019, a cyberattack targeted Australia's ruling and opposition parties less than three months before a national election. Two years later, broadcaster Nine News suffered a cyberattack that forced a number of live shows off air – calling it the largest cyberattack on a media company in Australia's history.
Most recently in 2022, cybercriminals in Russia conducted a ransomware attack on Medibank, one of Australia's largest private health insurers. Sensitive personal data, including health claims information, was stolen from 9.7 million customers – some of which was then released onto the dark web.
Last year, Australia publicly named and imposed sanctions on a Russian national for his alleged role in the attack. He was an alleged member of the Russian ransomware gang REvil, which had previously launched large attacks on targets in the United States and elsewhere, before Russian authorities cracked down in 2022 and detained multiple people.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Entrepreneur
an hour ago
- Entrepreneur
Stay One Step Ahead of Cyber Threats for Five Years for $35
Disclosure: Our goal is to feature products and services that we think you'll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners. When you run a business, the last thing you want is sensitive company data floating around unprotected. Whether you're working from a coffee shop, hotel lobby, or airport lounge, unsecured networks are a cybercriminal's playground — and a costly breach could set you back far more than a VPN (virtual private network) subscription ever will. With AdGuard VPN's five-year plan, you're getting enterprise-level privacy at a price that makes financial sense. And it's on sale for just $34.97 (MSRP: $359.40). Using its own advanced security protocol, AdGuard delivers faster, safer browsing without the bottlenecks you find in other VPNs, the company says. That means streaming presentations, downloading large files, and accessing client portals securely — all without slowdown. You'll also have access to 70+ global locations, letting you bypass geo-restrictions and test websites, ads, or digital products exactly as your customers see them across different regions. For distributed teams, this ensures everyone can connect securely and consistently, no matter where they work. With a strict zero-logging policy, AdGuard VPN ensures that your browsing history and activity stay private — even from them. And because your subscription supports up to 10 devices simultaneously, you can cover your laptop, phone, tablet, and workstations in one go. Or you can cover 10 of your staff's devices. For $34.97 (MSRP: $359.40), you're not just buying software — you're buying five years of AdGuard peace of mind. In an era where data is a business's most valuable asset, that's a return on investment you can't ignore. AdGuard VPN: 5-Yr Subscription See Deal StackSocial prices subject to change.
Forbes
an hour ago
- Forbes
The U.S. Message To Australia And Japan
The United States is, not surprisingly, concerned about alliance burden-sharing and security commitments, recently focusing on Australia and Japan and their respective views toward Taiwan. U.S. Undersecretary of Defense Elbridge Colby has raised this issue in conversations with Australian and Japanese leadership, asking these two U.S. allies to clarify their security commitments to Taiwan in the event of a mainland Chinese attack. The U.S. itself has long maintained a posture of 'strategic ambiguity,' deliberately avoiding specifics about its potential response to such a scenario. Colby's initiative aimed to signal regional unity in the U.S. effort to preserve the status quo between Taiwan and the mainland. It also carried a practical appeal: encouraging U.S. allies to strengthen their defense capabilities. Burden-sharing remains a perennial challenge in alliances, driven by the natural temptation for partners to save on defense expenditures and, relatively speaking, benefit from the U.S. defense budget. Partners tend to underinvest in their own defense, relying on the U.S. security umbrella. Here lies the paradox: neither Japan nor Australia can independently defend Taiwan. Only the United States possesses the military capacity—and therefore the credibility—to deter the People's Republic of China. Only the U.S. can impose long-term costs on China. Whether Australia or Japan increases or decreases its defense spending, the sole indispensable component of deterrence remains U.S. credibility. Japan knows this. Australia knows this. The U.S. knows this. Most importantly, China knows this. So why would Japan or Australia seek to strengthen their security commitments to Taiwan when doing so offers no meaningful advantage to Taiwan but risks provoking China? While Colby's outreach stirred debate in both countries, officials reiterated their positions of not formalizing any commitment to a hypothetical conflict. Australian Prime Minister Anthony Albanese stated that Australia would not commit troops in advance to any conflict. That ambiguity reflects a desire to maintain strategic flexibility and avoid premature entanglement in a potential war. This conversation unfolds at a moment when the Trump administration is challenging or reshaping long-held positions and procedures in the Asia-Pacific and beyond. As Trump imposes higher tariffs on both Australia and Japan, the U.S. signals a shift away from its traditional role in alliance leadership and regional problem-solving—making itself a less attractive partner by reducing predictability and increasing the cost of engagement. Much of what the U.S. is attempting in its trade relationship with Australia is viewed as unnecessary, counterproductive, or even in bad faith. The U.S. has a Free Trade Agreement with Australia that eliminates tariffs on nearly all bilateral trade. In fact, the U.S. currently enjoys a trade surplus with Australia—one of Trump's stated trade goals. Rather than leading with a call for increased commitment to Taiwan, the U.S. could have pursued a less controversial approach: encouraging Japan and Australia to expand joint military exercises, enhance maritime surveillance, or simply boost defense spending without direct reference to China. By centering its request on Taiwan, the U.S. chose the approach least likely to elicit a positive response from its allies. The Trump administration's outreach to Japan and Australia appears to have resulted in diminished confidence in the U.S. and reduced credibility regarding Taiwan. The paradox is that the U.S. may still see incremental increases in both countries' defense budgets in the coming years—but driven by concern about the U.S., not concern about China.
Forbes
3 hours ago
- Forbes
Delete Any Message On Your Smartphone If You See This Word
American smartphone users are under attack from billions of malicious text messages courtesy of organized criminal gangs in China. Whether unpaid tolls, undelivered packages or DMV motoring offenses, the theme is the same. An urgent threat with a payment link that directs to a fake website which steals your financial details. Proofpoint warns that 'there was a 2,534% increase' in such threats last year, and nothing has changed since. Guardio has just detected 'a new wave of DMV scam texts hitting the U.S. In just the past week, its team has spotted a 56.8% rise in DMV scam texts, with August 11 marking the peak so far.' While it's easy to avoid these malicious texts if you know to beware a particular lure. Unpaid tolls and DMV offenses have generated a tidal wave of publicity, and most Americans will have seen at least some of this by now. But these lures can be easily changed. The one thing that doesn't change, though, is the use of a malicious link. Sometimes that's enough to raise a red flag. While there are clever ruses, where attackers design URLs that use dashes to form a '[.TEXT]-COM' which might trick a cursory glance into thinking it's a genuine .COM address. But usually it's much easier to quickly detect the issue and determine the text is a malicious fake (1,2,3). In the most recent 'Ranking of TLDs by Phishing Domains,' from May through July this year, the top level domain (TLD) that stands out more than any other is .XIN. And URLs under that TLD are a driving force behind many of these attacks. It's not the most popular TLD, but it's the one that's almost guaranteed to be a scam. Every single time. Almost 22,000 of the near 50,000 .XIN top level domains are 'phishing domains.' That compares to just 35,000/1,350,000 for .VIP or 115,000/4,500,000 for .TOP, two other phishers' favorites. Nothing comes close to .XIN when it comes to its relative threat. That's why this TLD tops the phishing domain score with 4421 versus 16 for .COM. .XIN is a Chinese domain operated out of Hong Kong. The word means 'new' and claims to be aimed at Chinese tech innovators. Instead it's the most obviously and openly dangerous TLD in the world. If you see .XIN in any link in an email, social media post or especially a text, delete the message right away — certainly never click it. 'For many of us,' Proofpoint says, 'our smartphone contains the keys to both our personal and professional lives. Unsurprisingly, cybercriminals have recognized this is a two-for-one opportunity and increased their targeting of mobile devices. When it comes to attacking users across multiple devices, URL-based threats are the perfect tool.'
