Up next
Author
Share this @internewscast.com
FacebookXRedditPinterest

Personal data of over five million Qantas customers has been leaked on the dark web after hackers followed through on their ransom threat over the weekend.
The airline was among 40 global firms linked to the cloud software giant Salesforce that had their data stolen in July.
The details that were stolen included full names, email addresses and frequent flyer details, as well as business and home addresses, dates of birth, phone numbers, gender and, in fewer cases, meal preferences. It did not contain financial information, passport details, PINs or passwords.

“With the help of specialist cyber security experts, we are investigating what data was part of the release,” Qantas said in a statement on Sunday.

The hacker collective, Scattered LAPSUS$ Hunters, threatened to release the data at 3pm on Saturday AEDT unless Salesforce paid an undisclosed ransom, which it refused to do.

The group said the data was “leaked” on Saturday, stating: “Don’t be the next headline, should have paid the ransom.”

How do you know if your data was exposed?

Qantas said it contacted all impacted customers in July and advised them on what types of personal data may have been stolen.
The airline said on Sunday it would continue to share updates on its website and through a 24/7 support line on 1800 971 541 or +61 2 8028 0534, “where customers have ongoing access to a specialist identity protection service”.

Arash Shaghaghi, a senior cybersecurity lecturer at the University of New South Wales, told SBS News customers should ensure any email communications they receive are legitimate and come from a legitimate @qantas.com address.

Breach notification services, such as Have I Been Pwned, are also evaluating the leak. Once the event is listed, people can safely check if their email was part of the breach, Shaghaghi said.
He stressed people should not attempt to search the dark web dumps themselves.
“Aside from legal risk, they’re often bait for malware and further scams,” he said.

Receiving spear-phishing attacks is another sign of exposure that people can look out for. These types of attacks use personal information to deliver “highly-targeted” fraudulent electronic communications, such as emails and texts, to trick targets into divulging sensitive information.

What action should you take?

According to Shaghaghi, there are three steps you can take to protect yourself.
Lock down your accounts. Enable multi-factor authentication on your email, banking and key online accounts immediately.

“It’s the single most effective defence against stolen data being used for account takeover,” he said.

Also, change your Qantas password and any account where that password may have been reused, ensuring each account has a strong, unique password, Shaghaghi suggested.
Another approach is to be vigilant for scams.
“Expect personalised attacks. Be wary of unsolicited emails, texts or calls claiming to be from Qantas, insurers or ‘compensation teams’,” Shaghaghi said, noting that criminals could use leaked details of the affected customers, such as date of birth or frequent flyer number, to make scams look legitimate.
He advised people to avoid clicking links in unexpected messages and instead visit the official Qantas site or app to verify account details.
Shaghaghi emphasised the importance of regularly monitoring and reporting any unusual activity, such as discrepancies in bank and credit card statements. Obtain credit reports from Equifax, Experian, and illion to check for unauthorised credit applications, he said.
If you see evidence of identity theft or fraud, report it to your financial institution and via the Australian Cyber Security Centre’s (ACSC) government portal immediately.

Follow updates from Qantas and ACSC for verified information.

What can happen to data posted on dark web?

Matthew Warren, director at RMIT University’s Centre for Cyber Security, said the data leak would potentially lead to a “second wave of scams”.

“Other criminals are going to use that information, pretending to be from Qantas, trying to elicit additional personal information or trying to say ‘We are offering compensation, please share your credit card details so we can transfer’,” Warren told AAP.
“Most Qantas customers are Australians. You’re talking about a quarter of the population.”
Shaghaghi warned people can expect “highly convincing” phishing or “Qantas refund” scams that use their real details.
“Criminals will exploit the trust that comes with accurate personal data to trick victims into revealing credit cards or login credentials,” he said.
In terms of “long game,” he said, criminals could combine data from previous breaches to build detailed identity profiles that enable loan fraud, tax-refund and other scams.

“For example, scammers used data from the [2022] Optus breach months later to file fake credit applications and contact victims pretending to be banks or government agencies,” he said.

Will victims receive any compensation?

Compensation claims were made against Optus and Medibank following major data breaches in 2022.

A complaint over the Qantas data breach has already been lodged by Maurice Blackburn with the Office of the Australian Information Commissioner, an independent national regulator for privacy and freedom of information.
The law firm has alleged Qantas breached privacy laws by failing to adequately protect customer information.
Affected customers are eligible to receive updates from the law firm and any compensation that may be sought on their behalf.
Warren said any class action will likely be challenged by Qantas on the grounds that a third party was responsible for protecting the data, and that the data was not stolen in Australia.
With additional reporting from Australian Associated Press.
Share this @internewscast.com
FacebookXRedditPinterest
You May Also Like

Bangladesh Mourns: Trailblazing Former Prime Minister Khaleda Zia Passes Away at 80

Khaleda Zia, who became Bangladesh’s first female prime minister in 1991 and…
A passing driver then boxed the car in to prevent the carjacker from driving off, leading him to jump out of the car and run to a waiting Nissan Navara with registration 1OL9CF.

Melbourne Police Intensify Search for Suspect Following Failed Carjacking on Bustling City Street

Police are asking the public to help identify a man who fled…

Key Insights into China’s Significant Military Exercises Near Taiwan

China’s large-scale military drills around Taiwan went on for a second day…
Coral Adventurer

Australian Cruise Ship Detained After Grounding Off Papua New Guinea Coast: Safety Concerns Escalate

The Coral Adventurer, a cruise ship based in Cairns, has been detained…
New signage, The Donald J. Trump and The John F. Kennedy Memorial Center For The Performing Arts, is unveiled on the Kennedy Centre.

Additional Artists Withdraw Following Addition of Trump’s Name to Renowned Arts Building

The Kennedy Centre is ending the year with a new round of…
Revellers defy terror fears to flock to Sydney NYE celebrations

Thousands Gather in Sydney for New Year’s Eve Celebrations Amid Heightened Security Concerns

Fears of a desolate New Year’s Eve turnout deserted by people fearing…

Iranian Government Proposes Dialogue Amid Rising Student Participation in Shopkeeper Protests

Protests over Iran’s soaring cost of living have spread to several universities,…
Good news in new poll for Hanson - but who is our most-liked politician?

New Poll Unveils Australia’s Most-Liked Politician: Surprising Results for Hanson

One Nation leader Pauline Hanson will end 2025 on a relative high,…
The bulk of Cath Armstrong's grocery shopping for the entire year is done in just three days.

Cath Plans 2026 Meals in Advance with Annual Pantry Restock

Cath Armstrong is not a fan of grocery shopping, so the Victorian…

Australian Cricket Legend Damien Martyn Reportedly in Induced Coma

Former Australian Test cricketer Damien Martyn has been rushed to hospital in…
Lobster worth over $590,000 among spate of US seafood thefts

Unbelievable Heist: $590,000 Worth of Lobster Stolen in Major U.S. Seafood Crime Wave

Lobster worth $US400,000 ($597,100), 40,000 oysters and a cache of crabmeat all…
US man shooting gun in yard kills woman blocks away, police say

Tragic Incident: Errant Gunshot from Yard Claims Life of Woman Blocks Away, Authorities Report

An Oklahoma man firing a gun he bought as a Christmas present…