Stay informed with free updates
Simply enroll to the Cyber Security myFT Digest — delivered on to your inbox.
Qantas is investigating whether a hacking group that targeted UK retailer Marks and Spencer this 12 months was behind a cyber attack that breached a database containing the private details of 6mn of the Australian airline’s customers.
The corporate said the hackers targeted considered one of its call centres on Monday and gained access to a third-party customer support platform. Qantas said it was likely that a “significant” amount of non-public data had been extracted from the database, which contained customer names, email addresses, phone numbers, birth dates and frequent flyer details.
The database didn’t contain financial information, corresponding to bank card numbers, that are stored on different servers, said Qantas.
The attack comes days after the FBI warned that there have been signs the “Scattered Spider” cyber criminal group had began to focus on the worldwide airline sector.
“They aim large corporations and their third-party IT providers, which suggests anyone within the airline ecosystem, including trusted vendors and contractors, might be in danger,” the FBI said in an alert last week. It warned that extortion attempts were often made after sensitive information was stolen.
The warning followed recent cyber attacks on Hawaiian Airlines and Canada’s WestJet.
Scattered Spider is reported to be behind quite a lot of high-profile data breaches, including those of M&S and MGM Casinos. It has gained a status for effective subterfuge techniques corresponding to impersonating staff at corporations to trick IT departments into providing access to systems.
Qantas, Australia’s largest airline, said it had hurried to secure its systems. It has alerted the Australian Federal Police, in addition to other government agencies, and can contact affected customers.
Vanessa Hudson, chief executive, said: “We sincerely apologise to our customers and we recognise the uncertainty it will cause. Our customers trust us with their personal information and we take that responsibility seriously.”
Qantas shares dropped 3.6 per cent after it revealed the hack on Wednesday.
The airline is the most recent Australian company to be affected by a cyber attack, with telecoms company Optus, healthcare provider Medibank Private, quite a lot of Australian pension funds and port operator DP World all hit previously three years.