Qantas acknowledges a substantial data breach at its customer service department
In a concerning development, Australian airline Qantas has suffered a cyber-attack that may have compromised the personal information of millions of its customers. The breach, which was detected on Monday, appears to have been caused by a targeted and sophisticated voice-phishing (vishing) campaign that exploited Salesforce environments.
According to initial reviews, a significant volume of personal information, including names, email addresses, phone numbers, dates of birth, and frequent flyer numbers, may have been stolen. However, the breach did not involve access to credit card details, personal financial information, passports, passwords, PINs, logins, or frequent flyer accounts.
Qantas says it took immediate steps to contain the incident and that all of its systems remain secure. The exact number of affected customers has not been specified, but widespread reports suggest it could be as high as six million. Qantas is continuing to investigate what proportion of the data has been stolen.
The Qantas breach resembles recent attacks on Canada's WestJet Airlines and Hawaiian Airlines, both of which occurred last month. While the connection to the Qantas attack is unclear, both incidents have been linked to the Scattered Spider group, a collective known for targeting SaaS platforms and cloud environments through social engineering and extortion attacks.
However, the Scattered Spider group has not been confirmed as the culprit behind the cyber-incidents at WestJet Airlines and Hawaiian Airlines. Jordan Avnaim, CISO of Entrust, argues that the Qantas attack may have been timed to coincide with the busy summer travel period, potentially causing havoc by disrupting operational continuity and creating customer distrust.
Darren Argyle, former Qantas group CISO, suggests that the Qantas incident may align with recent FBI warnings about the Scattered Spider group. He emphasises that defending against such risks requires more than perimeter controls; it demands continuous workforce education, zero-trust principles, phish-resistant multi-factor authentication, and identity verification that can't be socially engineered. Security, he argues, must be a standing board-level conversation, with ongoing investment in both technology and response readiness.
As the investigation continues, Qantas assures its customers that it is taking the incident very seriously and is committed to providing updates as more information becomes available. It encourages customers to remain vigilant and to report any suspicious activity to the appropriate authorities.