Qantas has confirmed that more than one million customers had their personal data leaked during a cyberattack on one of its contact centres. Information such as phone numbers, dates of birth, and home addresses have been accessed by the hackers.
After removing duplicate records, an investigation has found that there were 5.7 million unique customers’ data held in the system, with specific data fields varying between customers.
On June 30, Qantas said it detected “unusual activity” on a third-party customer servicing platform where customers have records stored. Upon detection of the breach, Qantas took “immediate steps and contained the system”.
The Australian carrier initially stated that it expected the proportion of stolen data to be “significant”, after an initial review confirmed that this stolen data did include customer names, email addresses, phone numbers, birth dates and frequent flyer numbers.
A Qantas spokesperson also confirmed this week that a “potential” cyber criminal made contact with the airline, following the attack.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened,” said Vanessa Hudson, Qantas CEO. “Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible.”
Despite this breach no credit card details, personal financial information and passport details were taken, as this data is not held within this third-party system.
In this most recent update on July 9, the company said another four million customers had just their name and email address taken during the breach.
An investigation into the incident is still ongoing.