QANTAS: Cyber hack update — 5.7 million in data breach

In an update to the previous story on the hacking of Frequent Flyer data, Qantas has started emailing customers affected by last week’s call centre cyber incident. The Australian airline is detailing exactly what personal data was compromised and what wasn’t. The update may allay some fears, but is also a wake-up call for all frequent flyers to remain vigilant against scammers.

What happened?

A cyber incident at Manila-based Qantas’ service centre allowed criminals to gain access to a system containing customer data. The airline says there’s no evidence any stolen data has been publicly released, and that it continues to monitor the situation with cybersecurity experts.

Even Chairman’s Lounge members, who include the great and good, such as Members of Parliament, the prime minister, and leaders of the nation’s largest corporations, are included in the hack.

Qantas has reconfirmed that no credit card details, financial information, or passport numbers were stored on the compromised system. There is no impact on Frequent Flyer accounts or passwords. The stolen data isn’t sufficient to access your frequent flyer account.

The data accessed

After removing duplicates, Qantas found 5.7 million unique customer records were in the system, with varying data fields depending on the customer. Here’s the breakdown:

• 4 million records: name, email address, and Qantas Frequent Flyer details.
  • 1.2 million with just name and email.
  • 2.8 million with name, email, Frequent Flyer number (many with tier status, some with points balance and status credits).
• 1.7 million records included combinations of:
  • 1.3 million: addresses (home, business, hotels for lost baggage delivery)
  • 1.1 million: date of birth
  • 900,000: phone numbers (mobile/landline/business)
  • 400,000: gender
  • 10,000: meal preferences

Multiple email addresses may result in some customers having multiple records.

What Qantas is doing now

Qantas is progressively emailing affected customers with details of the data compromised in the system, offering tailored advice and support.

Vanessa Hudson, Qantas Group CEO, said the airline’s

“absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible.”

Hudson added that Qantas has implemented additional cybersecurity measures since the breach and remains in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre, and Australian Federal Police.

Need help or worried?

Qantas has a dedicated 24/7 support line for affected customers:

• Australia: 1800 971 541
• Overseas: +61 2 8028 0534

This service offers specialist identity protection advice and resources if you need guidance.

What customers should do

While Qantas says there’s no evidence the stolen data has been misused, customers should remain cautious:

Be vigilant: Watch out for suspicious emails, texts or calls claiming to be from Qantas. Don’t click links or give out personal details.

Verify contacts: If in doubt, call Qantas using a phone number from the official website, not one obtained from an email or text.

Enable two-factor authentication on email and other online accounts.

Stay informed:

• Australian Cyber Security Centre
• Scamwatch
• IDCARE Learning Centre
• Office of the Australian Information Commissioner

Never share passwords or sensitive login details with anyone. Qantas will never request this information via unsolicited contact.

If you believe scammers have targeted you, report it to Scamwatch.

2PAXfly Takeout

No financial details, passport information, or frequent flyer passwords were stolen, according to Qantas.

There’s no current evidence of misuse. However, your name, email, address, date of birth, phone number, and other personal data may have been exposed, so take this as a prompt to enhance your cyber hygiene and stay vigilant.

If you receive an email from Qantas about your data, read it carefully and follow any recommended steps. For now, Qantas says its systems are secure, and your frequent flyer points remain safe – but your best defence is awareness.

Apparently, some Frequent Flyers are reporting an increase in scam emails and text messages. Personally, I seem to be receiving my usual number of unsolicited, poorly worded texts about undelivered Australia Post parcels, as well as offers to increase my social media presence.

I’ve been using the ‘report spam and delete’ function on my macOS text app and the contact blocking feature on my email software frequently.