Qantas customer data that was exposed following a cyber attack in July has reportedly been leaked onto the dark web, according to local media reports.
A ‘notorious’ hacker group reportedly released personal data linked to 5.7 million customers on the dark web over the weekend after its ransom demand was not met.
According to The Guardian Australia, the cyber crime collective Scattered Lapsus$ Hunters threatened to disclose stolen data from more than 40 global companies – including Disney, IKEA, Toyota, Vietnam Airlines and Qantas – unless its ransom was paid.
Qantas previously confirmed that customer names, email and residential address details were among data that was compromised during the cyber incident at one of its contact centres. The data breach did not contain credit card details, personal financial information or passport details, the carrier said.
In a statement published on its website on Sunday (12 October), Qantas said it is now working with “specialist cyber security experts” to investigate the specifics of the leaked data. The carrier has also secured a court order against sharing the stolen information.
“Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties,” the carrier said.
Following the July incident, Qantas Group CEO Vanessa Hudson said the carrier had "put in place a number of additional cyber security measures to further protect our customers' data” and that it remains in “constant contact” with the Australian Federal Police and the Australian Cyber Security Centre.
On Tuesday (14 October), Vietnam Airlines also issued a statement confirming a data breach involving a third-party customer service platform. The carrier said, “unauthorised access may have occurred to certain customer data processed through this platform” and that it is currently working with authorities to investigate the breach.
“At this time, data such as payment information, passwords, travel itineraries, Lotusmiles balances, and passport details remain secure. Additionally, Vietnam Airlines’ internal IT systems were not affected,” the carrier said in a statement.