Tech support scam caused massive data breach at Australian airline Qantas


Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Red Cross: State hackers breached our network using Zoho bug

    February 16, 2022

    The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. During the incident, the attackers gained access to the personal information (names, locations, and contact information) of over 515,000 people in the “Restoring Family Links” program ...

  • Croatian phone carrier data breach impacts 200,000 clients

    February 11, 2022

    Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...

  • Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

    February 5, 2022

    Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their ...

  • China suspected in hack of journalists at News Corp

    February 4, 2022

    Digital intruders broke into News Corp email accounts and compromised the data of an unspecified number of journalists, the company disclosed Friday. The media firm’s internet security adviser said the hack was likely aimed at gathering intelligence for Beijing’s benefit. News Corp, which publishes the Wall Street Journal, said the breach was discovered in late January and ...

  • What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?

    February 3, 2022

    A common scenario is one in which an attacker gains access to an internal network via a compromised workstation that has been infected with malware, invariably via a social engineering email attack. No enterprise is immune to this type of insider attack. We all, at some point, took the bait and clicked unsolicited links masquerading ...

  • Telco fined €9 million for hiding cyberattack impact from customers

    February 1, 2022

    The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...