Qantas Airways, Australia’s flagship airline, suffered a cyber incident in July 2024 where hackers breached a third-party platform used by its customer contact center, exposing data of up to **6 million customers**. The compromised records included **names, email addresses, phone numbers, birth dates, and frequent flyer numbers**, though the airline confirmed that **credit card details, financial data, passports, passwords, and login credentials remained unaffected**. The breach was linked to **social engineering tactics**, with the FBI warning that the cybercriminal group **Scattered Spider**—known for impersonating employees to bypass IT security (including multifactor authentication)—was targeting the airline sector. Qantas secured a **court order to block further dissemination** of the stolen data and implemented **enhanced security measures**, including staff training and system monitoring. While no ransomware was reported, the incident prompted concerns over **identity theft risks** and reputational damage. Customers were offered **specialist identity protection services**, and the airline committed to ongoing updates as investigations continue.
Source: https://www.foxbusiness.com/lifestyle/major-airline-says-customer-data-leaked-after-cyberattack
TPRM report: https://www.rankiteo.com/company/qantas
"id": "qan3292432101325",
"linkid": "qantas",
"type": "Cyber Attack",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6,000,000',
'industry': 'Aviation',
'location': 'Australia',
'name': 'Qantas Airways',
'size': 'Large (6M+ Customer Records Exposed)',
'type': 'Airline'}],
'attack_vector': ['Social Engineering',
'MFA Bypass',
'Third-Party Platform Exploitation'],
'customer_advisories': ['Identity Protection Services Offered',
'Specific Data Impact Notifications'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Customer Service Records'],
'number_of_records_exposed': '6,000,000',
'personally_identifiable_information': ['Names',
'Email Addresses',
'Phone Numbers',
'Birth Dates',
'Frequent Flyer '
'Numbers'],
'sensitivity_of_data': 'Moderate (No Financial/Passport Data)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Service Records']},
'date_detected': '2024-07',
'date_publicly_disclosed': '2024-07',
'description': "Australia's Qantas Airways confirmed that customer data was "
'posted online following a July 2024 cyber incident impacting '
'a third-party platform used by its contact center. The breach '
'exposed service records for 6 million people, including '
'names, email addresses, phone numbers, birth dates, and '
'frequent flyer numbers. The airline secured a court order to '
'block further dissemination of the stolen data and '
'implemented enhanced security measures, including increased '
'team training and system monitoring. The FBI linked the '
"attack to the 'Scattered Spider' cybercrime group, known for "
'social engineering and MFA bypass techniques targeting large '
'corporations and their IT vendors.',
'impact': {'brand_reputation_impact': 'High (Public Disclosure of 6M Records, '
'Media Coverage)',
'data_compromised': ['Names',
'Email Addresses',
'Phone Numbers',
'Birth Dates',
'Frequent Flyer Numbers'],
'identity_theft_risk': 'Moderate (PII Exposed but No '
'Financial/Passport Data)',
'legal_liabilities': ['Court Order to Block Data Dissemination'],
'operational_impact': ['Increased Security Measures',
'Legal Court Order Enforcement',
'Customer Notification Campaign'],
'payment_information_risk': 'None (Credit Card/Payment Details Not '
'Affected)',
'systems_affected': ['Third-Party Contact Center Platform']},
'initial_access_broker': {'entry_point': 'Third-Party Contact Center Platform',
'high_value_targets': ['Customer Service Records '
'(6M Profiles)']},
'investigation_status': 'Ongoing (Collaboration with Cybersecurity Experts)',
'motivation': ['Data Theft', 'Extortion'],
'post_incident_analysis': {'corrective_actions': ['Enhanced Training',
'System Monitoring Upgrades',
'Third-Party Security '
'Audits (Implied)'],
'root_causes': ['Third-Party Vendor '
'Vulnerabilities',
'Social Engineering Exploits (MFA '
'Bypass)']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Qantas Airways Public Statement'},
{'source': 'FBI Alert on Scattered Spider (X/Twitter)'},
{'source': 'FOX Business Article'}],
'regulatory_compliance': {'legal_actions': ['Court Order to Prevent Data '
'Dissemination']},
'response': {'communication_strategy': ['Public Statements',
'Customer Notifications (Specific '
'Data Impact)',
'Website Updates'],
'containment_measures': ['Court Order to Block Data Access/Use',
'Third-Party Platform Isolation'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Customer Identity Protection Services',
'Ongoing Updates via Website/Support Line'],
'remediation_measures': ['Increased Team Training',
'Strengthened System '
'Monitoring/Detection'],
'third_party_assistance': ['Cybersecurity Experts']},
'stakeholder_advisories': ['Public Updates via Website',
'Customer Support Line'],
'threat_actor': 'Scattered Spider',
'title': 'Qantas Airways Customer Data Breach via Third-Party Platform',
'type': ['Data Breach', 'Third-Party Vendor Compromise'],
'vulnerability_exploited': ['Weak IT Help Desk Authentication Protocols',
'Insufficient Third-Party Vendor Security']}