Overview

• Qantas has begun notifying 5.7 million customers about the July 1 breach of a third-party contact-centre platform.
• Accessed records include names, email addresses and frequent flyer numbers for 4 million users plus addresses, dates of birth, phone numbers, gender and meal preferences for 1.7 million.
• The airline confirmed that no passwords, PINs, financial information or passport details were taken in the attack.
• Threat actors have approached Qantas with apparent extortion demands to prevent the release of stolen data.
• Cybersecurity experts warn the leaked personal and loyalty details could be used for targeted fraud and identity theft on other services for years to come.