A potential cyber criminal has made contact with Qantas, the airline has confirmed, after a major attack on its network exposed the personal records of up to 6 million customers.
In a statement on Monday evening, a spokesperson for Qantas said the Australian federal police (AFP) had been engaged but the airline would not confirm if a ransom was being sought for the compromised personal data.
“A potential cyber criminal has made contact and we are currently working to validate this,” the spokesperson said.
“As this is a criminal matter, we have engaged the Australian federal police and won’t be commenting any further on the detail of the contact.
“There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.”
A spokesperson for the AFP confirmed it was investigating and said further comment would be provided at an “appropriate time”.
“The airline has been highly engaged in assisting authorities and the AFP with investigating this incident,” they said in a statement.
On 2 July, Qantas suffered a major cyber-attack, with data including customer names, email addresses, phone numbers and birth dates of up to 6 million customers potentially breached.
Qantas said a cyber criminal targeted a call centre and gained access to a third-party system that held customer information.
The company detected the unusual activity last Monday and shut it down, but believed a “significant” amount of personal information may have been taken.
The airline said the breach did not include credit card details, personal financial information or passport details.
Quick Guide
Contact us about this story
Show
The best public interest journalism relies on first-hand accounts from people in the know.
If you have something to share on this subject you can contact us confidentially using the following methods.
Secure Messaging in the Guardian app
The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.
If you don’t already have the Guardian app, download it (iOS/Android) and go to the menu. Select ‘Secure Messaging’.
SecureDrop, instant messengers, email, telephone and post
See our guide at theguardian.com/tips for alternative methods and the pros and cons of each.
No frequent flyer accounts were compromised, and passwords, pins and log-in details had not been accessed, the airline said.
The alleged culprit has yet to be identified but the attack has similarities to a ransomware group known as Scattered Spider.
The group has targeted airlines in the US in recent weeks by engaging in what are called social engineering attacks, or “vishing”. They involve calling the IT support for large companies, often impersonating employees or contractors to deceive IT help desks into granting access and bypassing multi-factor authentication.
The incident is the latest in a series of cyber-attacks on large companies in Australia, after the attack on Optus, Medibank and the country’s $4tn superannuation sector.