Massive Cyberattack Hits Qantas, 5.7 Million Customer Records Leaked

Qantas customer data was leaked online following the Salesforce breach. Image Credit: Getty Images

Australian airline Qantas announced on Sunday that data on 5.7 million of its customers, stolen in one of the biggest cyberattacks this year, had been circulated on the web, amid a leak affecting dozens of companies.

Disney, Google, IKEA, Toyota, McDonald’s, and fellow airlines Air France and KLM are also reported to have been targeted in a cyberattack on software developer Salesforce, with the stolen information now being held for ransom.

Salesforce stated that this month it had become “aware of recent extortion attempts by threat actors.”

Qantas admitted that in July attackers had hacked one of its customer contact centres, compromising a computer system used by a third party, since identified as Salesforce. The blue-chip Australian company reported that the attackers gained access to confidential data, including customer names, email addresses, phone numbers, and birthdays.

No further breaches have occurred since, and the company is working with Australian security services.

In a statement, the company added that “Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July, where customer data was stolen via a third-party platform.”

The company also said that the majority of the leaked information consisted of names, email addresses, and frequent flyer information. “No credit card details, personal financial information, or passport details were impacted,” Qantas said.

It also said it had obtained a legal injunction from the Supreme Court of New South Wales, the state where the firm is headquartered, to ensure that the stolen data is not “accessed, viewed, released, used, transmitted or published.”

Cybersecurity expert Troy Hunt told AFP that the injunction would do little to stop the spread of the data. “It’s frankly ridiculous,” he said.

Hunt added, “It obviously doesn’t stop criminals at all anywhere, and it also really doesn’t have any effect on people outside of Australia.”

Asked about the leak, tech giant Google referred AFP to an August statement in which it said that one of its corporate Salesforce servers had been targeted.

Head of Google Cloud Security Communications, Melanie Lombardi, stated, “Google responded to the activity, performed an impact analysis, and has completed email notifications to the potentially affected businesses.”

Cybersecurity analysts have linked the hack to individuals connected to an alliance of cybercriminals known as Scattered Lapsus$ Hunters.

Research group Unit 42 reported in a note that the group had “asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom.”

Meanwhile, the hackers had indicated that they had set a ransom deadline of October 10.

Experts said the hackers accessed the sensitive data using social engineering, a technique in which attackers manipulate victims by deceiving them into believing they are dealing with a company representative or another trusted individual.

The FBI issued an alert about such attacks on Salesforce last month. The agency said hackers posing as IT workers had tricked customer support employees into giving them access to sensitive customer data.

“They have been very effective,” Hunt said.

He added, “And it hasn’t been using any sophisticated technical exploits… they have exploited really the oldest tricks in the books.”

The data breach at Australia's largest airline follows a series of high-profile cyberattacks in the country that have raised questions about how personal information can be safeguarded.

The previous year, Qantas had to apologise following a technical issue with its mobile application that revealed the names and travel information of some of its passengers.

And major ports that handle 40 percent of Australia's freight trade were shut down in 2023 after hackers gained access to the computers of operator DP World.