A MAJOR airline has been hacked with six million passengers’ details stolen in a shocking cyber-raid.
Fraudsters targeted the firm’s call centre and gained access to customers’ “names, emails, phone numbers and more”.

Qantas is Australia’s largest airline and travels to dozens of national and international destinations.
The company has launched an urgent investigation after detecting a significant cyber attack which compromised the personal data of millions of customers.
“Unusual activity” was discovered on the firm’s system which stores the details of around six million passengers, including names, email addresses, phone numbers and birth dates.
The airline reassured customers, however, that personal details like passport numbers, frequent flyer numbers and financial information had not been stolen.
How to get help
In a statement, the airline confirmed it had taken “immediate steps” to contain the threat.
But it warned the full extent of the attack is still being assessed, adding that a “significant” portion of data may have been accessed.
Qantas Group CEO Vanessa Hudson apologised to affected flyers and urged travellers to contact a “dedicated support line” for any help.
She said: “We sincerely apologise to our customers and we recognise the uncertainty this will cause.”
The airline has notified federal authorities, including the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC).
Uptick in stolen data
The data breach comes just days after holidaymakers were warned about a Booking.com scam that cost victims £370,000.
Fraudsters are hacking hotel accounts on the platform and sending fake messages or emails that look legitimate.
This often happens when hotel staff accidentally click on a malicious link in an email, giving criminals access to the hotel’s account on the platform.
Once inside, scammers send messages to customers claiming payment details need to be verified or that a card has been declined.
Avoiding scams
They then trick holidaymakers into entering their banking details via fraudulent links.
Action Fraud has received over 500 reports of the scam between June 2023 and September 2024, with victims collectively losing £370,000 – or £700 per person.
Customers have shared their close calls with the scam on X (formerly Twitter).
One showed a message directly through their Booking.com app which read: “Dear [XXX], we need you confirmation.
“Your reservation and the details you entered are still pending. If you don’t verify and complete everything within the next six hours, your booking will be automatically cancelled – no exceptions.”
The customer is then directed to click on a rogue link in the message chain to “confirm and finalize” their trip – even though it’s already paid for.
Consumer rights expert Martyn James said: “If you get a message from a hotel or host through Booking.com or an email asking for your card details, ignore it.
“Only go through your Booking.com portal on the website to confirm payment details.
“Do not send money via links and never pay with bank transfers or PayPal’s ‘friends and family’ option.”
What is a cyber attack?
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
- Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
- Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
- Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
- SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
- Ransomware: Malware that encrypts a victim’s data and demands a ransom for its release.
- Social Engineering: Manipulating individuals into performing actions or divulging confidential information.