Qantas has confirmed that a “potential” cyber criminal has made contact with the airline following a cyber attack on one of its call centres last week, which targeted the details of around six million customers.
On June 30, Qantas said it detected “unusual activity” on a third-party customer servicing platform where customers have service records stored. Upon detection of the breach, Qantas took “immediate steps and contained the system”.
The Australian carrier said it expects the proportion of stolen data to be “significant”, after an initial review confirmed that this includes customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.
Despite this breach no credit card details, personal financial information and passport details were taken, as this data is not held within this third-party system.
A spokesperson for the airline told Airline Economics that there is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, the situation is being continuously monitored.
“We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers. Right now we’re focused on providing the answers and transparency they deserve,” said Vanessa Hudson, Qantas CEO. “Our investigation is progressing well with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed."
The airline spokesperson added that Qantas has engaged the Australian Federal Police and won’t be commenting any further on the detail of the contact.