Millions of customers could already have been targeted by scammers in the two days it took Qantas to share details of a major cyber attack, an expert has warned.
And there might be further attempts by malicious actors to hit Australia’s biggest airline now that a vulnerability has been exposed.
The airline announced on Wednesday that a third-party system used by an offshore call centre had been attacked two days earlier.
The hack potentially compromised the names, dates of birth, email addresses and frequent flyer numbers of six million customers, although their financial information remained secure, Qantas said.

But a cybersecurity expert said the 48-hour delay in telling customers there had been an attack might have left millions vulnerable to scam attempts.
“That second round can be a lot more powerful than the first breach and then there is the risk of customers not knowing to be alert to any emails or phone calls from Qantas as suspicious,” La Trobe University’s Daswin De Silva told AAP.
“These emails can be sent very quickly … phishing or other impersonation attacks could have happened in those 48 hours.”
Qantas representatives should come forward and explain why there was a 48-hour delay in notifying customers of the scam risk, Professor De Silva added.
He speculated the delay was likely due to Qantas figuring out whether other systems had been compromised and deploying security measures to dispel the cyber criminals.

Qantas confirmed that scammers were already impersonating the airline in the wake of the attack and told customers to be vigilant.
The airline has been contacted for comment about the notification delay.
The company on Friday provided an update confirming that credit card details, personal financial information, passport details and Qantas Frequent Flyer accounts were not exposed.
However, customers will have to wait several days longer for an individual update on which personal details were compromised due to the hack.
“I want to apologise again for the uncertainty this has caused,” chief executive Vanessa Hudson said.
“We’re committed to keeping our affected customers informed with regular updates as our investigation progresses.”

Qantas, which has been working with government authorities to investigate the incident, said there has been no further threat to its systems and additional security measures have been put in place.
Australian Federal Police confirmed they were investigating and the airline had been “highly engaged” with authorities.
Qantas has remained tight-lipped about who it believes is behind the attack and no cyber criminal groups have taken responsibility.
But Prof De Silva said this could be an ominous sign of more cyber strikes to come for the airline now that criminals have found a vulnerability.
“Once you figure out a weak spot, they try to exploit it to the maximum,” he said.
Multiple cyber experts believe the group responsible is called Scattered Spider, a cabal of young cyber criminals living in the US and the UK.
The US Federal Bureau of Investigation recently warned that the group was targeting the airline sector by impersonating legitimate users to bypass multi-factor authentication and access systems.

Prof De Silva said Scattered Spider was a financially motivated group that did not obtain credit card details or other “valuable” information in the attack.
“They might be planning further attacks that get them to their objective because obviously they want to see their effort fulfilled,” he said.
Qantas has added security measures for its frequent flyer accounts, including requiring extra identification for any changes.
Since the attack was revealed, Qantas has received more than 5000 customer inquiries.
Legal experts suggest the incident could lead to a class action against Qantas after compensation claims were made against Optus and Medibank following major breaches in 2022.