Qantas Airways has apologised for a cyber attack affecting six million of its customers. Photo: Supplied.
Qantas is in damage control following a cyber attack that has stolen data from up to six million people on its records, leaving them unsure about how their personal information might be used.
The airline has confirmed through a statement posted on its website an investigation is under way and is expected to uncover that the “proportion of the data” stolen is “significant”.
Qantas Airways chief executive officer Vanessa Hudson has written to customers and apologised, but stressed the incident has had no impact on flights and safety.
At this stage, Qantas insists that while the amount of stolen personal data appears to be potentially huge, it does not include credit card and financial information or passport details.
Names, addresses, dates of birth and frequent flyer numbers of some customers, however, have been stolen.
The attack seems to have been contained to one Qantas contact centre. The airline has not publicly named the centre in question.
“I wanted to update you on a cyber incident that occurred in one of our contact centres impacting customer data. The system is now contained,” Ms Hudson wrote.
“For those customers whose information has been potentially compromised you will receive further communication from us shortly.
“To all our customers, I would like to sincerely apologise that this has occurred.
“There is no impact to Qantas’ operations or the safety of our airline.
“However, we understand that when personal information is at risk, it can affect peace of mind, so we wanted to update all of our customers on what occurred and what we are doing.”
The CEO’s letter goes on to explain that unusual activity was detected on Monday (30 June) on a third-party platform used by one of the airline’s contact centres.
She said the incident was “immediately contained” and confirmed all Qantas systems remained secure.
“Our initial investigations show the compromised data includes some customers’ names, email addresses, dates of birth and Frequent Flyer numbers,” the letter says.
“Importantly, no credit card details, personal financial information and passport details are held in the system that was accessed.
“No Frequent Flyer accounts, passwords, PIN numbers or log in details have been compromised.”
The airline is now working with government agencies and independent cyber security experts while responding to the incident.
Qantas has opened a dedicated support line on 1800 971 541 or +61 2 8028 0534 for assistance, which will include specialist identity protection advice.
“If you have upcoming travel, there’s nothing you need to do. You can check flight details anytime via the Qantas App or website,” Ms Hudson said.
“We understand situations like this create genuine concern and we want you to know we are taking this seriously.”
The airline said it was also putting additional security measures in place in light of the incident, to “further restrict access and strengthen system monitoring and detection”.
Qantas shares dropped after the attack was revealed on Wednesday.
