Qantas cyber attack: Hackers threaten to release stolen data unless ransom is paid

Amy LeeThe Nightly
CommentsComments
Camera IconQantas admits it still does not know who was behind a “significant” cyber attack. Credit: The Nightly

Qantas is among dozens of major companies facing ransom threats after being caught up in a sweeping cyberattack linked to stolen customer data.

The hacker collective known as Scattered Lapsus$ Hunters is reportedly pressuring Qantas, Toyota, Disney, Ikea, and others to begin negotiations by Friday or risk further exposure.

The cybercriminals claim to have accessed a massive trove of personal records by tricking an operator at its Manila call centre into opening access to a Salesforce system in late June.

As a result, the data of 5.7 million frequent flyers had been accessed - including names, phone numbers, addresses, emails, frequent flyer numbers and dates of birth.

Credit card details, personal finance information and passport details were not held on the platform, meaning passwords, PIN numbers and login details were not compromised.

Read more...

The attack bears similarities to previous incidents attributed to Scattered Spider, a ransomware group that targeted Hawaiian Airlines and Canada’s WestJet earlier this year.

Known for impersonating IT help desk staff, the group typically tricks employees into revealing login details under the guise of resolving account issues.

The newly emerged Scattered Lapsus$ Hunters is believed to be an amalgamation of members from several cybercriminal organisations, including Scattered Spider, ShinyHunters and Lapsus$.

The group has reportedly released samples of the stolen data on the dark web as proof, threatening to release all of the data if demands are not met.

Qantas has acknowledged its inclusion on the group’s list and says its actively supporting affected customers.

“Ensuring continued vigilance and providing ongoing support for our customers remain our top priorities,” a Qantas spokesperson said.

“We continue to offer a 24/7 support line and specialist identity protection advice to affected customers.

“We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”

Qantas is continuing to work with government agencies and the Australian Cyber Security Centre to investigate the hack, and has obtained an ongoing injunction from the NSW Supreme Court to prevent stolen data being accessed or published.

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails