Qantas begins to update customers impacted by the recent cyber attack

Qantas has begun updating customers on the personal data that was compromised as a result of the cyber incident in one of its call centres recently.

During the first week of July, ARN reported, Qantas confirmed a major cyber incident involving a third-party platform. The attack potentially compromised the personal data of up to six million customers in what is being described as a ‘significant’ breach.

Since then, the Australian-owned airline had “progressed its forensic analysis of the customer data in the system that was compromised”, said Qantas.

Qantas said sensitive data such as credit card details, personal financial information, passport information, or login credentials were not accessed during the attack.

However it was working with specialist cyber security experts to actively monitor the situation.

In a statement Qantas reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.

There had been no impact to Qantas Frequent Flyer accounts, while passwords, PINs and login details had not been accessed or compromised. 

“The data that was compromised is not enough to gain access to these frequent flyer accounts,” said Qantas. “After removing duplicate records, our investigation has found that there were 5.7 million unique customers’ data held in the system. 

An analysis of customers’ personal data found that four million customer records information, like name, email address, and Qantas Frequent Flyer details. Specific data fields varied from customer to customer.

Qantas was advising customers to take general precautionary steps and remain vigilant to any misuse of personal information.

The airline was progressively emailing affected customers to advise them of the types of their personal data that was contained in the impacted system and provide advice and support.

Qantas group CEO Vanessa Hudson said its “absolute focus since the incident” has been to understand what data has been compromised for each of the 5.7 million impacted customers.

“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services,” she said. “Since the incident, we have put in place a number of additional cyber security measures to further protect our customers’ data, and are continuing to review what happened.

“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”