Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.
The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.
Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers breached DHS information-sharing network
June 30, 2026
A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...
- Japan: Over 14 million login credentials leaked from six ISPs in major data breach
June 29, 2026
A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked ...
- Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
June 29, 2026
Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...
- Polymarket says hackers stole users’ funds
June 25, 2026
Prediction market giant Polymarket confirmed that hackers stole funds from an unspecified number of users after a third-party breach. In an X post on Thursday, Polymarket said that a compromise at a third-party vendor allowed hackers to inject malicious code into its website “for some users.” The company said it has “contained” the incident and is ...
- Almost half of ransomware victims have data stolen before they can even detect an intrusion
June 25, 2026
Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of ...
- Elite network says it was hacked after members’ personal data was left exposed
June 25, 2026
Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the product. Dialog, the exclusive network founded by billionaire investor and PayPal co-founder Peter Thiel, whose members include a sitting NATO commander, two US senators, and the US Treasury Secretary, is one of those. Last week, information on ...

