Millions of Australians are being warned to stay alert for scams and phishing attempts after a hacker released the personal information of 5.7 million Qantas customers on the dark web last week.
The stolen data, taken in July from a third-party call centre linked to the airline, was part of a global cyberattack targeting more than 40 major companies, including Toyota, Disney, and IKEA.
Qantas has urged the public to use two-factor authentication, stay updated through official Scamwatch channels, and report any suspicious contact immediately.
Cyber Security Minister Tony Burke said government agencies would use “all the laws available to them” to respond to the breach, stressing that companies remain legally responsible for protecting customer data, even when outsourcing services.
“There was some conversation around the fact that it was an outsourced company where the breach had occurred—that doesn’t get you off the hook on your obligations,” Burke told ABC radio.
“You can outsource parts of your business, but you don’t outsource the law. Qantas has obligations to ensure its customers’ data is protected.”
Qantas Moves to Tighten Protections
Qantas has responded by strengthening its cyber defences and expanding customer support.
In the past week, the airline obtained a continuing injunction from the NSW Supreme Court to stop anyone from accessing, publishing, or sharing the stolen data.
It has also introduced additional security measures, increased staff training, and improved system monitoring and detection tools.
The airline said it is working closely with specialist cybersecurity experts, the Australian Cyber Security Centre, and the Australian Federal Police to track and contain the breach.
Qantas reiterated that no credit card details or passport information were included in the compromised files.
Customers impacted by the breach were notified in July, and the airline continues to provide 24-hour identity protection support.
Cybercriminal Collective Behind the Attack
The hackers, operating under the name Scattered LAPSUS$ Hunters, claim to have stolen nearly one billion records worldwide from Salesforce, the cloud platform used by several affected companies.
The group, an amalgamation of three known hacking collectives, has previously targeted Marks & Spencer and Jaguar Land Rover in the UK.
On Oct. 10, it published a page on the dark web threatening to release further data later on the same day, unless Salesforce entered negotiations, a demand the company has refused.
Earlier, Cyber Security Coordinator Lieutenant General Michelle McGuinness told Senate estimates the breach compromised personal details of politicians, including home addresses and phone numbers.
“There has been a threat actor who has claimed to steal data,” she said, adding that no financial or identity documents were among the leaked information.
Friends Read Free
Copy
Facebook
Tweet
