After claiming last week that its system remained secure after a major cyber security breach, Qantas Airways (ASX: QAN) revealed last night that it had been contacted by a potential cyber criminal.
Australia's largest airline started the financial year last Tuesday with the detection of a security breach at one of its contact centres, prompting communication with around six million customers who had personal information on the impacted platform.
By Friday the group had received more than 5,000 enquiries through a dedicated support line following the incident, which it claimed had no impact to Qantas Frequent Flyer accounts, while also clarifying that no credit cards, personal financial information or passport details were stored on this system "and therefore were not accessed".
"We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers. Right now we’re focused on providing the answers and transparency they deserve," Qantas Group chief executive officer Vanessa Hudson said before the weekend.
"Our investigation is progressing well with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed.
"We’re finalising a process that will enable us to provide affected customers with more information about their personal information that was potentially compromised."
At the time Qantas had not yet been contacted by anyone claiming to have the data, but now the situation has changed.
"A potential cyber criminal has made contact and we are currently working to validate this," the airline said in a statement.
"As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the detail of the contact.
"There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor."
The incident followed a recent warning by the US Federal Bureau of Investigation of a criminal organisation targeting the airline sector, according to Elliot Dellys, CEO of Australian cyber security company Phronesis Security.
He says the warning related to an organisation known as Scattered Spider, a “disparate group of young hackers living in the US and UK”.
“Scattered Spider had been targeting the airline sector, impersonating legitimate users to gain access to systems and bypass multi-factor authentication, one of the most effective methods of preventing breaches,” Dellys said.
"It would therefore be little surprise if the Australian aviation sector had come within its crosshairs, as a high value target with a complex, and historically challenging, environment to secure."


