Qantas confirms customer data breach amid Scattered Spider attacks – Source: securityaffairs.com

Qantas reports a cyberattack after hackers accessed customer data via a third-party platform, amid ongoing Scattered Spider aviation breaches.

Qantas, Australia’s largest airline, disclosed a cyberattack after hackers accessed a third-party platform used by a call centre, stealing significant customer data. The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. Qantas confirmed that while the system is now secure, a substantial amount of data was likely compromised during the incident.

“Qantas can confirm that a cyber incident has occurred in one of its contact centres impacting customer data. The system is now contained.” reads the statement published by the company. “We understand this will be concerning for customers. We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available. The incident occurred when a cyber criminal targeted a call centre and gained access to a third party customer servicing platform.”

Australia’s largest airline detected unusual activity on a third-party platform used by its contact centre and quickly contained it. The company highlights that while core systems remain secure, data from up to 6 million customer service records may have been stolen, including names, emails, phone numbers, birth dates, and frequent flyer numbers. No financial data, passport details, passwords, or login credentials were compromised.

As the investigation continues, Qantas is enhancing security by tightening access controls and improving system monitoring. The airline has notified the Australian Cyber Security Centre, the Privacy Commissioner, and the Federal Police due to the criminal nature of the breach. Qantas has also set up a dedicated support line and webpage to keep customers informed, and will provide ongoing updates through its website and social media.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously. “We are contacting our customers today and our focus is on providing them with the necessary support.” Qantas Group Chief Executive Officer Vanessa Hudson said.

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.” 

At the end of June, the FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector.

The cybercriminals are using social engineering techniques to gain access to target organizations by impersonating employees or contractors. In many cases, threat actors employed methods to bypass multi-factor authentication (MFA), by tricking victims’ help desk services to add unauthorized MFA devices to compromised accounts.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.” reads the alert published by the FBI on X. “They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”

Scattered Spider is targeting large corporations and their third-party IT providers; every organization in the airline sector is a potential target, including trusted vendors and contractors.

Scattered Spider steals data for extortion and often launches ransomware once inside. The FBI partners with the aviation industry to stop attacks and help victims. FBI recommends that quickly reporting helps the FBI act fast, share intel, and limit damage.

“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.” continues the alert. “Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise.”

Recently, Unit 42 also warned that Muddled Libra is targeting aviation with advanced social engineering and fake MFA reset attempts.

“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry. Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.” Palo Alto Networks Unit 42’s Sam Rubin wrote on LinkedIn.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Qantas)