Tech support scam caused massive data breach at Australian airline Qantas


Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Lastpass says hackers accessed customer data in new breach

    November 30, 2022

    LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both ...

  • Major Twitter hack sees 5.4 million phone numbers and email addresses leaked on the dark web

    November 28, 2022

    More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are up for grabs on the dark web in a massive data dump that some believe the Elon Musk-owned firm is attempting to cover up. The data dump was identified by Chad Loder, the founder of cyber security awareness company Habitu8, who ...

  • Meta fined €265m over data protection breach that hit more than 500m users

    November 28, 2022

    Facebook’s owner has been fined €265m (£230m) by the Irish data watchdog after a breach that resulted in the details of more than 500 million users being published online. The Data Protection Commission (DPC) said Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were ...

  • Ransomware gang targets Belgian municipality, hits police instead

    November 26, 2022

    The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more. This type of ...

  • Australian Cyber Task Force Looks to “Hack the Hackers” After Data Breach Crime Wave

    November 24, 2022

    A recent string of data breaches has prompted rapid changes to Australia’s cybersecurity and data protection policies, and the latest development appears to be a cyber task force set to “hack back” and actively pursue what Minister for Home Affairs Clare O’Neil described as “scumbags.” Home Affairs is promising a new “tough on crime” policy toward ...

  • Gambian Central Bank says ‘don’t panic’ after data hack

    November 18, 2022

    The Gambia’s Central Bank says there’s no need to panic after a data hack. Sources allege the hackers managed to access the bank’s most sensitive files, but in a statement the Central Bank said no mission-critical systems were compromised, and that normal operations have continued unabated. It did however say one server was affected, which was promptly ...