Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.
The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.
Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Collections #2-5 unearthed with 2.2 billion unique records now exposed online
February 1, 2019
Researchers have established that more than 600GB of personal information is circulating online after finding a monster cache of four additional ‘Collection’ folders. The Collection #1 leak discovered earlier this month was considered one of the largest leakages of personal data in history, with more than 773 million unique email addresses, and 22 million passwords, found ...
- Airbus data breach impacts employees in Europe
January 30, 2019
European aerospace corporation Airbus disclosed today a security breach that impacted its commercial aircraft manufacturing business. The company said the security breach “resulted in unauthorised access to data.” According to a press release published earlier today, Airbus said that “some personal data was accessed,” but “mostly professional contact and IT identification details of some Airbus employees in Europe.” Read more… Source: ...
- Massive Collection #1 leak exposes 773m unique records online
January 17, 2019
Nearly 2.7 billion records containing up to 800 million unique email addresses and more than 21 million unique passwords have been compromised and published online. The massive data leak, dubbed Collection #1, is made up of individual breaches from “literally thousands of different sources”, according to security researcher Troy Hunt, who announced his findings in a blog ...
- Unprotected Government Server Exposes Years of FBI Investigations
January 17, 2019
A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case ...
- Over 202 Million Chinese Job Seekers’ Details Exposed On the Internet
January 10, 2019
Cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American ...
- Angela Merkel’s personal details leaked on Twitter
January 4, 2019
An unknown hacker has released confidential data linked to the German Chancellor Angela Merkel and hundreds of the country’s other politicians. The stolen details were released on Twitter over the past few weeks in a sort of Advent Calendar and included bills and credit card information, phone numbers, email addresses, photo identification and personal chat histories. The Twitter ...

