Tech support scam caused massive data breach at Australian airline Qantas


Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK: Staff details stolen in poultry factory cyber attack

    August 28, 2024

    Staff at a poultry factory in Norfolk have had their personal details stolen in a cyber attack. Banham Poultry, based in Attleborough, said criminals had remotely accessed its system in the early hours of 18 August. In an email sent to staff, seen by the BBC, the company said information such as National Insurance numbers, copies ...

  • Hunters International ransomware gang threatens to leak US Marshals data

    August 27, 2024

    The Hunters International ransomware group is threatening to leak what it claims to be 386 GB of data from the U.S. Marshals Service (USMS), more than a year after the federal law enforcement agency suffered a major ransomware attack. The gang claims the data, comprising more than 327,000 files, includes “Top Secret” documents, gang files, information ...

  • Ransomware attacks on schools threaten student data nationwide

    August 26, 2024

    Imagine a criminal gaining unrestricted access to your child’s most private information — medical records, Social Security numbers and even details about their daily bus ride to school. This alarming scenario is becoming a reality for a growing number of families as sophisticated cybercriminals increasingly target schools across the United States, holding their computer systems ...

  • Privacy group fights European Parliament over ‘massive’ HR data breach

    August 22, 2024

    The European Parliament’s headache over a major human resources data breach earlier this year just won’t fade. Austria-based digital rights group noyb on Thursday said it had filed two complaints against the European Union institution for infringing the bloc’s flagship privacy law, the General Data Protection Regulation (GDPR), over a data breach discovered before the ...

  • FlightAware Customer Data Left Exposed for Over Three Years

    August 21, 2024

    Users of FlightAware, the world’s largest flight-tracking platform, are being prompted to change their login credentials following a reported “data security incident.” According to FlightAware, the breach may have leaked sensitive customer information. The problem was discovered on 25 July, but it’s possible that it’s been ongoing since January 2021. Company officials say they believe it ...

  • Toyota confirms customer and employee data stolen, says breach at third party to blame

    August 21, 2024

    Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...