Qantas is warning a “significant” amount of customer data has likely been stolen from its records during a cyber attack.
The airline has released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre.
The airline said 6 million customers had service records in this platform.
Qantas said it was investigating the proportion of the data that had been stolen, though it expected it would be “significant”.
The airline has been contacting customers with generic emails, telling them that they will receive further communications “shortly” if their data has been “potentially compromised”.
“It’s a big hack,” Richard Buckland, Professor of Cyber Security at UNSW, told ABC News.
An initial review confirmed the data included some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers, the airline said.
“No frequent flyer accounts were compromised nor have passwords, PIN numbers or login details been accessed.”
Previous breaches on major Australian companies including Medibank and Optus have highlighted how cyber attacks can see people’s data used as a bargaining threat to make companies pay a ransom.
Another concern for Qantas customers is that their personal data could be onsold and then used to conduct fraud.
Professor Buckland told ABC News the concern for customers now could be if people’s accessed data was used to access other systems.
“It’s quite possible this could be used to log into the frequent flyer system by claiming you’ve lost a password, and trying to do some sort of password reset,” he said.
Source: Australian Broadcasting Corporation (ABC)