Latest news with #TonyJarvis
ABC News
2 days ago
- Business
- ABC News
Here's what the Qantas cyber attack may mean for your data and what to do to protect yourself
Cybersecurity experts are warning Qantas customers to remain vigilant to scams and hacking attempts in coming days, after as many as 6 million Australians were caught up in a data breach. Qantas has revealed it came under attack by cybercriminals on Monday and is continuing to investigate exactly how many customer records were stolen, of the millions on the platform that was breached. Here's what we know about the data accessed, how it could be used by cybercriminals and what you can do to protect yourself in the wake of the incident. Qantas says a cybercriminal targeted a call centre and then gained access to a third-party customer servicing platform. The airline has outlined the data stolen: it includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers. "Importantly, credit card details, personal financial information and passport details are not held in this system," the airline's statement reads. Qantas said the system that was accessed contains the records of 6 million customers. It said it would contact all of those who were potentially affected. On Wednesday, a message was sent to Qantas Frequent Flyer members, noting: "For those customers whose information has been potentially compromised, you will receive further communication from us shortly." So, essentially, watch this space if you are a Qantas customer. Tony Jarvis, the chief information security officer at cybersecurity firm Darktrace, told The Business that personal data had different values when sold on the dark web, depending on the nature of the data. As of Wednesday evening, Mr Jarvis couldn't detect any data from the Qantas breach for sale on the dark web but said he would continue to monitor the situation. He advises Qantas customers to stay across updates from the airline in case further details of the type of data compromised are released. Qantas has established customer support lines and says it will also maintain a dedicated page on its website to keep customers updated. The biggest risk for people now is that their data is used to attempt fraud, target scams or, in the worst-case scenario, steal their identity. Personal details can be used to add weight to impersonation scams — for example, pretending to be a company or agency someone has an account with. He therefore warns Qantas customers to be vigilant about handing over extra details, like credit card information or bank details, to people claiming to be from government agencies or companies. "Then it becomes a financial loss," he added. Cybercrime specialist Richard Buckland agrees that further scam attempts remain one of the biggest concerns from the Qantas breach. The data could also be used to try and hack into accounts on other services. If you use the same email address across many online profiles, stolen information such as your date of birth, address or phone number could be used to try and gain access to other accounts and even financial records. "The information that's been stolen is used by lots of companies to identify them," Professor Buckland, from UNSW, said. In previous cybersecurity incidents involving major Australian companies including Medibank and Optus, there were also concerns that people's personal information could be sold on the dark web to carry out further identity theft. In Medibank's case, the data hacked was so sensitive in nature — with personal healthcare records accessed — that it also led to grave concerns for people's individual wellbeing and ransom demands against Medibank. Both Professor Buckland and Professor De Silva note that such sensitive information hasn't been reported as accessed in the Qantas hack. If you're a member of the Qantas loyalty program, you might be wondering if your points are at risk. Qantas has listed frequent flyer numbers as among the data compromised, but says "no frequent flyer accounts were compromised". However, Professor Buckland warns those accounts could be targeted in subsequent hacking attempts, given membership numbers are among the data breached. "It's quite possible this could be used to log into the frequent flyer system by claiming you've lost a password and trying to do some sort of password reset," he said. Airline loyalty commentator Adele Eliseo notes that loyalty balances are extremely valuable, describing them as a financial asset. "Frequent flyer numbers are more than membership references. They are the gateway to accessing points with tangible financial value, and when linked with personal information, they expose account holders to significant vulnerability," she said. She encourages people to log in to their accounts often in coming weeks and months and check for any unusual activity, and consider two-factor authentication. The consensus among the cyber experts we spoke to? An oldie but a goodie — change your passwords. "Then just watching it closely. Presumably, if someone does go in and steal those points or it uses them for things, Qantas is able to reimburse that, so I think it's just a matter of noticing that that's happened." Professor De Silva says people should think about resetting passwords and make them as secure as possible, including by using password generation software that encrypts codes. "This is something we should be doing regularly," he said. Darktrace's Mr Jarvis warns people to avoid clicking on links in emails purporting to be from Qantas, as companies that have experienced cyber attacks are often impersonated in their wake. Professor De Silva also says there is a risk that people's credit card details have been stored along with their frequent flyer accounts, and that this information could now be accessed too. In this instance, he thinks people should take the "extreme measure" to cancel their credit card, "to be on the safe side".
ABC News
2 days ago
- Business
- ABC News
Why big business should take heed of the Qantas "supply chain" cyber attack
Tony Jarvis from cyber prevention firm Darktrace explains the likely value of Qantas' stolen customer records, why the actor behind the attack could be the Scattered Spider Ransomware gang, and why big business should take more interest in the cyber security of supply chain partners.
