Cybersecurity concerns are mounting as hackers have exposed the personal data of approximately 5.7 million Qantas customers. The airline confirmed on Sunday that it was among many global firms impacted by this significant breach.
A spokesperson for Qantas stated, "With the help of specialist cyber security experts, we are investigating what data was part of the release." This breach was linked to a cyber attack carried out in early July on Salesforce, a third-party platform provider for Qantas.
The hacking collective known as Scattered LAPSUS$ Hunters managed to compromise data from 39 major companies, including notable names like Disney and FedEx. These cybercriminals had threatened to release sensitive customer data if their undisclosed ransom demand was not met. Salesforce chose not to comply with these demands, leading to the public dissemination of the data.

By the Numbers
The leaked data encompassed a variety of personal information, including full names, email addresses, Frequent Flyer account details, home and business addresses, dates of birth, phone numbers, gender, and meal preferences for certain customers. Fortunately, the breach did not include credit card information, personal financial data, passport details, or login credentials.
Troy Hunt, a prominent cybersecurity expert and founder of Have I Been Pwned, disclosed that he had verified his own data in the leak, which included personal details about his family and frequent flyer balance. Hunt noted, "There’s absolutely no putting the genie back in the bottle," indicating the persistent threat posed by the exposure of such sensitive information.

Further complicating matters, Hunt pointed out that while the data was initially taken offline, it appeared to resurface swiftly on the same platform, showcasing a troubling level of access. He remarked, "It’s all over the place," emphasizing the widespread availability of the leaked data via both dark and clear web channels.
As part of its response, Qantas has secured an injunction from the NSW Supreme Court to prevent further access and unauthorized use of the stolen data. The airline is also providing a support hotline and expert guidance on identity protection for affected customers.
The incident highlights a growing trend in cybersecurity, as breaches targeting confidentiality become more prevalent. Hunt explained, "Hackers have pivoted from ransomware to attacks on confidentiality, making it even harder for companies to manage extortion attempts." He noted that this could lead to a rise in identity theft, given the volume and nature of the personal information released.
Impact and Legacy
Qantas is likely to face increased scrutiny following this breach, especially in light of past incidents involving other companies. For example, Optus suffered a major data compromise in 2022 impacting over 10 million customers. Similarly, a breach at Dymocks contributed to over a million individuals' data being exposed on the dark web in 2023.
In light of the situation, organizations are reminded to remain vigilant as they navigate this shifting landscape of cyber threats. As Hunt indicated, the paradigm has shifted from traditional ransomware scenarios to more nuanced extortion methods, complicating the response strategies for companies.
Despite the challenges, Salesforce remains steadfast in its position, with a representative declaring that the company “would not engage, negotiate with, or pay any extortion demand.” This declaration sets a precedent for how firms may handle similar incidents moving forward, emphasizing the importance of security and resilience in an increasingly risky digital environment.


