Qantas unsure who was behind cyber attack, days after personal information of six million customers was stolen

Millions of Qantas customers will have to wait until next week to find out what type of personal data was stolen in a major cyber attack.

The Australian airline first detected “unusual activity” after a cyber criminal targeted its Manila call centre and gained access to one of its third-party platforms on Monday.

An initial review found stolen data included names, email addresses, phone numbers, birth dates and Frequent Flyer numbers.

Frequent Flyer accounts, passwords, PIN numbers and login details were not compromised.

Customers who have been hit will be notified next week on the type of personal data that was stolen.

“Next week we will be in a position to update affected customers on the types of their personal data that was contained in the system,” a spokesperson said.

“This will confirm specific data fields for each individual which will vary from customer to customer.

“We have increased resourcing in our contact centres to support our customers and have received more than 5000 enquiries through our dedicated customer support line established following the cyber incident.”

Initial reports suggested the airline had been attacked by Scattered Spider — an international ransomware group claiming responsibility for cyber attacks against international airlines including Hawaiian Airlines and Canada’s WestJet.

But Qantas on Friday said it had not been contacted by anyone claiming to have stolen the data.

“We’re continuing to work with the government authorities to investigate the incident,” a spokesperson said.

The airline said it was working with specialist cyber experts and confirmed there had been “no further threat activity in the system”.

Qantas also said extra security measures had been put in place to “further restrict access and strengthen system monitoring and detection”.

“This includes additional security measures for Qantas Frequent Flyer accounts to further protect these from unauthorised access, including requiring additional identification for account changes,” a spokesperson said.

The airline started contacting affected customers on Wednesday, with Qantas chief executive Vanessa Hudson “personally apologising” in a letter for the wide-scale attack.

“I’m writing to inform you that we believe your personal information was accessed during the cyber incident we recently experienced. I want to personally apologise that this has happened and explain what we know and how we’re supporting you,” the letter reads.

“Our initial investigations show the compromised data may include names, email addresses, phone numbers, birth dates and Frequent Flyer numbers.

“Importantly, your credit card details, financial information and passport details were not accessed.”

Ms Hudson said she was focused on providing “answers and transparency”.

“We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers,” she said.

“Our investigation is progressing well with our cyber security teams working alongside leading external specialists to determine what information has been accessed.

“We’re finalising a process that will enable us to provide affected customers with more information about their personal information that was potentially compromised.”

The airline boss assured customers the airline was taking the data breach “extremely seriously”.

“Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively,” she said.

“I want to apologise again for the uncertainty this has caused.

“We’re committed to keeping our affected customers informed with regular updates as our investigation progresses.”