Qantas, Australia’s largest airline, announced on Wednesday that it was targeted in a cyberattack which resulted in the breach of information related to six million customers. The incident was detected on June 30, when the airline observed unusual activity on a third-party platform utilized by its contact center, according to a company announcement.
The compromised platform held sensitive customer details, including names, email addresses, phone numbers, birth dates, and frequent flyer numbers. However, Qantas confirmed that no credit card information, personal financial data, or passport details were stored on this system.
In a statement, Qantas indicated that while they are still assessing the scope of the data breach, they believe that a significant portion of the data has been compromised. A FAQ section about the incident reassures affected customers that they will receive additional communications regarding the status of their information.
The airline claimed that its operational systems remain secure despite the breach. However, the threat posed by the exposure of personal data may pose risks not only to Qantas but also to its numerous commercial partners, including banks and retailers that utilize the airline’s frequent flyer program. If the repercussions of this attack extend beyond Qantas, it could echo previous notorious cyberattacks in Australia, including the significant breaches at health insurer Medibank and telecommunications company Optus.
Qantas has not disclosed the identity of the attacked platform but has been linked to Salesforce and Genesys technology, commonly employed in call centers. The airline is committed to investigating the breach thoroughly as it strives to maintain customer trust in the wake of this serious cybersecurity incident.