Names and name and email addresses of around four million impacted.
Qantas Airways has said that more than a million customers had their phone number, birth date or home address accessed in a recent cyber breach.
The Australian airline operator said that another four million customers had just their name and email address taken during the attack.
After disclosing a cyber-attack last week, Qantas said that the breached database contained unique personal information of 5.7 million customers, after removing duplicate records from the initial six million affected.
There is no evidence that any personal data of the customers has been released and the company is actively monitoring the situation, Qantas said in a statement.
"Since the incident, we have put in place a number of additional cybersecurity measures to further protect our customers' data, and are continuing to review what happened," Qantas Group CEO Vanessa Hudson said.
Jack Willis, vice president, security engineering and Northeast US at Bridewell, said: “While Qantas states there’s no evidence of data release, the combination of names, birth dates, and contact details creates a perfect storm for identity theft and sophisticated phishing attacks. Those affected should monitor credit files, authenticate all communications from data processors, and consider fraud alerts.
“The exposure of 5.7 million customer records will be leveraged for social engineering, and targeted scams. Customers must ensure all accounts are not using similar credentials, activate two-factor authentication across all platforms, and treat all unsolicited communications with scepticism, even if it references your personal information.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
