Tech support scam caused massive data breach at Australian airline Qantas


Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • MoneyGram replaces CEO weeks after massive customer data breach

    October 29, 2024

    Money transfer giant MoneyGram has replaced its chief executive less than a month after confirming that hackers stole reams of customers’ personal information and transaction records in a data breach. In a statement Monday, MoneyGram said it appointed Anthony Soohoo as the company’s chief executive with immediate effect. Soohoo replaces Alex Holmes, who joined MoneyGram in ...

  • Hackers breach sensitive government and police data in Italy

    October 28, 2024

    Prosecutors in Milan have uncovered a network of hackers and former law enforcement officials accused of using malware and insider contacts to break into several government databases, including the Interior Ministry. The group allegedly accessed over 800,000 confidential records, even targeting accounts linked to the president’s office. Prosecutors said on Saturday that the operation was allegedly ...

  • 100 million people hit in largest healthcare data breach in history – medical info, SSNs and more

    October 26, 2024

    More than 100 million people had their personal information and healthcare data stolen in the massive UnitedHealth ransomware attack earlier this year, making it the largest healthcare data breach in the country. After completing its investigation into February’s data breach, the US Department of Health and Human Services said this week that roughly a third of ...

  • Data storage in spotlight of Italian security committee after Intesa breach

    October 22, 2024

    Italy’s influential parliamentary committee on security will hold a round of hearings on data storage following a major breach at the country’s biggest bank Intesa Sanpaolo, people familiar with the matter told Reuters on Tuesday. Intesa Sanpaolo is under investigation by prosecutors in the southern Italian city of Bari after it emerged that the accounts of ...

  • Hong Kong: ‘Lack of care led to sports association data breach’

    October 22, 2024

    The Office of the Privacy Commissioner for Personal Data (PCPD) on Tuesday accused the South China Athletic Association (SCAA) of having inadequate policies and a lack of care, after a data breach affecting more than 72,300 members. An attack by a hacker in March resulted in a breach of members’ personal information, including ID card numbers, ...

  • Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

    October 21, 2024

    Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at website snapshots from the past. It is often used ...