Qantas responds to massive dump of hacked customer data

“Qantas is one of a number of companies globally that has had data released by cyber criminals following a cyber incident in early July, where customer data was stolen via a third-party platform. With the help of specialist cyber security experts, we are investigating what data was part of the release,” Qantas said in an update to its incident advisory on 12 October.

“Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties.

“We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”

Qantas said that it believes the nature of the compromised data has not changed since it first warned customers of the incident in July. The airline is also continuing to work with the Australian Federal Police, the Australian Cyber Security Centre, and several other government agencies.

Qantas also warned customers to be aware of scammers pretending to represent the airline via email, text messages, or telephone calls, and suggested customers enable two-factor authentication for their personal email and online accounts.

The group behind the hack, Scattered Lapsus$ Hunters, posted what it claims is 153 gb of data consisting of more than 5 million records on the afternoon of 11 October. The data was published to the group’s darknet leak site on the Tor network, but that site appears to have crashed under the load. Soon after, however, the same data was published on a clearnet site.

VIEW ALL

>

US and French authorities took down the group’s established clearnet site on 10 October, but the new site is still live as of the time of writing.

Soon after publication, Scattered Lapsus$ Hunters posted a manifesto singling out Australia on its Telegram channel.

“Australia, I really hope for the love of god you’ve learned your lesson this time. When me and shanty dumped Optus a few years back we gave you multiple chances to comply with us. Australia government please get rid of the AFP or revamp the AFP. They are filled with ego and pride, so is the government of Australia itself,” a spokesperson for the group said.

Speaking to Australian Aviation’s sister publication Cyber Daily regarding the law enforcement takedown of the group’s previous clear net site, Sophos’ field CISO APJ, Aaron Bugal, said it was merely “one small win in a long game”.

“These cyber criminals talk a big game. They posture, threaten, and demand ransoms. But their bravado doesn’t change the fact that global law enforcement, across agencies with three and four-letter acronyms, is watching – and closing in,” Bugal said.

“Groups like this live fast, but they’re now running out of places to hide. Their relentless disregard for the law and victimising of organisations has brought well-deserved heat. The mission now is clear: sustained disruption, and ultimately, the arrest of those pulling the strings.”