SYDNEY: Australian airline Qantas has confirmed that data belonging to 5.7 million customers was leaked online following a major cyberattack earlier this year.
The airline is among dozens of global firms affected by the breach targeting software company Salesforce, with other victims including Disney, Google, IKEA, Toyota, McDonald’s, Air France, and KLM.
Salesforce acknowledged this month that it was aware of recent extortion attempts by threat actors.
Qantas had previously confirmed in July that hackers targeted one of its customer contact centres, breaching a third-party computer system now identified as Salesforce. The breach compromised sensitive customer information including names, email addresses, phone numbers, and dates of birth.
No further breaches have occurred since the initial incident, and Qantas is cooperating with Australian security services. The airline stated it was one of many companies globally that had data released by cyber criminals following the cyber incident in early July where customer data was stolen via a third-party platform.
Most of the leaked data consisted of names, email addresses, and frequent flyer details. Some records also included customers’ business or home addresses, phone numbers, gender information, and meal preferences.
Qantas confirmed that no credit card details, personal financial information, or passport details were impacted by the breach. The company has obtained a legal injunction from the Supreme Court of New South Wales, where Qantas is headquartered, to prevent the stolen data from being accessed, viewed, released, used, transmitted, or published.
Cybersecurity expert Troy Hunt described the legal injunction as frankly ridiculous. He explained that such measures obviously do not stop criminals at all anywhere and really do not have any effect on people outside of Australia. In response to questions about the leak, Google directed attention to an August statement confirming one of its corporate Salesforce servers had been targeted.
Melanie Lombardi, head of Google Cloud Security Communications, stated that Google responded to the activity, performed an impact analysis, and completed email notifications to potentially affected businesses.
Cybersecurity analysts have linked the hack to individuals associated with Scattered Lapsus$ Hunters, an alliance of cybercriminals. Research group Unit 42 reported that the group had asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. The hackers had reportedly set an October 10 deadline for ransom payment.
Experts revealed that the hackers stole the sensitive data using social engineering techniques, which involve manipulating victims by pretending to be company representatives or other trusted persons.
The FBI issued a warning last month about such attacks specifically targeting Salesforce. The agency explained that hackers posing as IT workers had tricked customer support employees into granting them access to sensitive data.
Hunt noted that these methods have been very effective despite not using any sophisticated technical exploits. He observed that the hackers have exploited really the oldest tricks in the books. This data breach affecting Australia’s largest airline comes amid growing concerns about personal data protection following a series of major cyberattacks across the country.
Qantas had previously apologised last year after a mobile app glitch exposed some passengers’ names and travel details. Australia’s freight trade also suffered significant disruption in 2023 when hackers infiltrated computers belonging to port operator DP World, bringing major ports handling 40% of the country’s freight to a halt. – AFP
