Millions of Qantas customers’ personal details have leaked

Impacted customers can can access specialist identity protection services by calling the Qantas helpline on 1800 971 541.

Millions of Qantas customers’ personal details have leaked

The personal data of more than 5.7 million Qantas customers has reportedly been leaked on the dark web.

The Australian airline is one of at least 39 global companies who were affected.

All use software giant Salesforce to store customer data.

Here’s the latest.

Context

In July, Qantas said it had detected “unusual activity” at a third-party call centre and responded immediately to contain the breach.

The airline later confirmed its customer database had been compromised. It contained names, email addresses, birth dates and Frequent Flyer numbers of at least 5.7 million Qantas customers, who were notified.

Sensitive data like passport information and financial details were not included in the hack.

Hackers

The hackers are part of a cybercrime collective called Scattered Lapsus$ Hunters (SLSH).

They obtained the Qantas data by posing as an employee and convincing a worker at the call centre to give them access to the customer database.

You have read 0 articles this year.

Your contribution ensures The Daily Aus can continue doing the work you love.

Salesforce is a software platform used to manage customers.

At least 39 other major companies that use Salesforce were implicated in attack, including Toyota, Disney, McDonald’s, Ikea, and Adidas.

Ransom

Last week, SLSH posted a sample of the data to their website, demandingSalesforce pay a ransom on behalf of the companies whose customer data had been compromised by 10 October.

When the deadline arrived, SLSH said it had leaked data for six companies, including Qantas.

The alleged hackers posted a message with the data, saying: “Don’t be the next headline, should have paid the ransom.”

Response

A Salesforce spokesperson told TDA the company “will not engage, negotiate with, or pay any extortion demand.”

Qantas said it is working with cyber security experts to investigate “what data was part of the release.” So far, it said the majority of customer records were limited to name, email address and Frequent Flyer details.

Cyber Security Minister Tony Burke told the ABC that Qantas could be subject to legal repercussions over the breach. He warned Australians to be wary of a “cold call from somebody who sounds like they’re from Qantas”.

Get Australia's free morning news brief.

Trusted by 400,000 Australians. Free, every weekday.

Already subscribed? Just enter your email above. Privacy Policy.