Qantas data breach: Frequent flyer list targeted in cyber attack is problematic because security breach compromised THIS info

Australian airline major Qantas has confirmed that a "significant" amount of customer data was leaked following a cyberattack targeting its records. The service documents of around six million Qantas customers were stored on the digital platform that was compromised, and the Australian Federal Police has now stepped in to support the ongoing investigation into the breach.

 

Names, email addresses, phone numbers, birth dates, and frequent flyer numbers of a "significant" number of Qantas customers were stolen, the airline confirmed after what it called the "big hack." But, the perpetrators were reportedly unable to access passwords, PIN numbers, or login credentials, the airline added.

 

 

 

"We’re currently contacting customers to make them aware of the incident, apologise and provide details on support available to them. There is no impact to Qantas’ operations or the safety of the airline. If you have upcoming travel, there is nothing you need to do. You can check your flight details at any time via the Qantas App or our website," an official statement read.

 

 

However, cybersecurity experts in Australia believe the leak is a major concern, particularly because the dates of birth (DOB) of numerous fliers were compromised. According to experts, this could be even more problematic than the theft of credit card or ATM PINs, which can be reset or frozen by contacting a bank. A stolen DOB, however, is permanent—unlike a PIN or even a name, it cannot be changed.

 

Combined with personal phone numbers and email IDs, a DOB is among the most sensitive pieces of personal data and must be protected from cybercriminals, experts warn. A hacker in possession of a person's name, DOB, and email ID could potentially impersonate the victim across various platforms and services.

 

There is also a risk that perpetrators may use the leaked data to create new accounts under false identities. In essence, this kind of information could allow criminals to open credit card accounts, sign up for paid services, register at hotels, or access various other systems while pretending to be someone else.

 

 

 

World