Tech support scam caused massive data breach at Australian airline Qantas


Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ireland: Fresh cyber attack impacts HSE

    June 9, 2023

    The Health Service Executive (HSE) has been impacted by a fresh cyber attack. Work is ongoing to determine the impact on HSE data following the attack which has been as criminal in nature and international in scale. But no patient data is believed to have been accessed at this stage. Read more… Source: The Irish News  

  • Australian law firm HWL Ebsworth probing hacked data

    June 9, 2023

    A prominent Australian law firm is investigating claims hackers have published data taken from the company on the dark web. HWL Ebsworth, which has clients at either commercial or government level in every state or territory, on Friday said it had learned of the data release. Read more… Source: The New Daily  

  • Thousands of Aer Lingus staff data stolen in ransomware attack

    June 7, 2023

    A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...

  • At least 100,000 Nova Scotians affected by cyber theft of government employee files

    June 6, 2023

    Cyber-criminals made off with the personal and banking information of at least 100,000 Nova Scotians last week, before the Nova Scotia government secured a file transfer service that had been breached as part of a global attack on MOVEit. Nova Scotia’s Minister of Cyber Security and Digital Service Colton LeBlanc provided that number Tuesday as part ...

  • Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

    June 5, 2023

    Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...

  • British Airways, Boots staff data compromised by payroll cyber hack

    June 5, 2023

    British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG, said it had notified affected employees and was providing them with support. Read more… Source: MSN News