Qantas customers are finding out if their personal information was exposed in a cyber attack, as they are warned to be on high alert for scams.
The airline revealed on Wednesday a cyber incident on a third-party platform used by its contact centre had exposed the details of six million customers.
Among the personal details believed to be revealed were names, phone numbers, dates of birth and email addresses.
But Qantas has told customers that their financial information, passport numbers, credit card details and frequent flyer PIN codes were not accessed.
In an email late on Wednesday, Qantas began informing the frequent flyer customers who had been affected.
“I’m writing to inform you that we believe your personal information was accessed during the cyber incident we recently experienced,” the email read.
Customers have been urged to stay on high alert in the coming months because they may experience targeted phishing scams.
" "
Qantas said customers should remain alert for “unusual communications” claiming to be from the airline, or emails asking for personal information or passwords.
“Remember, Qantas will never contact you requesting passwords, booking reference details or sensitive login information,” it said.
A security expert echoed concerns the information may be used in further scams, similar as what happened following the Optus hack that compromised 10 million customers’ information.
“Even with reassurances, the breach of names, email addresses, phone numbers and perhaps most importantly, birth dates and frequent flyer numbers, it’s still significant,” Macquarie University cyber security hub executive director Dali Kaafar said.
He said the details could lead to malicious actors building a more complete profile about individuals to make them more susceptible to other forms of cybercrime.
He also warned the impacts could be more far-reaching than expected.
Kaafar said Qantas’s claims that no frequent flyer login details were exposed should be taken with “a grain of salt”, given the number of customers who used dates of birth as PIN codes.
“Some of these customers would have been using their date of birth as a PIN, and they are immediately at risk because that data has been compromised,” he said.
He warned customers to change their passwords and PINs to prevent further harm.
Cybersecurity experts are speculating that the hackers responsible may be Scattered Spider, a group of young cyber criminals from the US and Britain.
The FBI recently warned that the group was targeting the airline sector by impersonating legitimate users to bypass multifactor authentication and access systems.
There has been no confirmation of the group responsible.
On Wednesday, Qantas chief executive Vanessa Hudson said the airline was working with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.
A customer support line has been opened to provide customers with the latest information.
Qantas shares on the ASX shed about 3.6 per cent to $10.38 on Wednesday in response to the news.
-AAP