Qantas Reveals “Significant” Contact Center Data Breach – Source: www.infosecurity-magazine.com

Qantas today revealed that a contact center breach may have led to the compromise of a “significant” volume of personal information belonging to customers.

 The Australian airline said it first detected unusual activity on Monday.

“The incident occurred when a cybercriminal targeted a call center and gained access to a third-party customer servicing platform,” it explained today.

“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.”

Although it didn’t specify how many customers may be affected, widespread reports suggest the figure could be as high as six million.

Read more on airline breaches: API Supply Chain Attacks Put Millions of Airline Users at Risk

The airline was at pains to point out that “immediate steps” were taken to contain the incident, and that the breach did not impact its operations.

“We can confirm all Qantas systems remain secure,” it claimed.

Qantas added that the threat actor was not able to access credit card details, personal financial information, passport details, passwords, PINs, logins or frequent flyer accounts.

Caught in a Scattered Spider Web?

The notice comes just days after the FBI warned that actors from the infamous Scattered Spider collective had begun targeting the airline sector. Canada’s WestJet Airlines and Hawaiian Airlines both disclosed cyber-incidents last month, although it’s unclear who was behind these, and if they were in some way connected to the Qantas attack.

“While investigations continue, some indicators suggest this incident may align with recent FBI warnings about the Scattered Spider group, known for targeting SaaS platforms and cloud environments through social engineering and extortion attacks,” said former Qantas group CISO, Darren Argyle, in a LinkedIn post.

“No organization is immune from the evolving threat landscape, particularly when sophisticated groups like Scattered Spider target critical industries.”

Entrust CISO, Jordan Avnaim, argued that the attack may have been timed to coincide with the busy summer travel period – where malicious actors “can potentially create havoc by disrupting operational continuity and creating customer distrust.”

He added, “Defending against these risks requires more than perimeter controls. It demands continuous workforce education, zero-trust principles, phish-resistant multi-factor authentication and identity verification that can’t be socially engineered. Security must be a standing board-level conversation, with ongoing investment in both technology and response readiness.”