Last week, the US Federal Bureau of Investigation stated that cybercrime group Scattered Spider was targeting airlines and that Hawaiian Airlines and Canada’s WestJet had already reported breaches.
Mark Thomas, Australia director of security services for cyber security firm Arctic Wolf, said, “What makes this trend particularly alarming is its scale and coordination, with fresh reports that Qantas is the latest victim”.
Scattered Spider hackers are known to impersonate a company’s tech staff to gain employee information, passwords, and “it is plausible they are executing a similar playbook," Thomas said.
Charles Carmakal, the chief technology officer of Alphabet-owned cybersecurity firm Mandiant, said it was too soon to say if the hackers were responsible, but “global airline organisations should be on high alert of social engineering attacks".
Qantas’s share price was also down by 2.4% in afternoon trading against an overall market that was up by 0.8%.
Also worth noting is the fact that Australia’s most high-profile case since those of telecommunications network operator Optus and health insurance leader Medibank in 2022 promoted cyber resiliency laws, among which are mandatory reports of compliance and incidents.
The airline also drew the ire of opposition politicians who said it lobbied the federal government in 2022 to refuse a request from Qatar Airways to sell more flights. Qantas, however, denied pressuring the government, which eventually denied the request – a move the consumer regulator said that would trigger price competition.
Qantas CEO Vanessa Hudson has also improved the airline’s public standing since taking office in 2023, as reputation measures demonstrate.
“We recognise the uncertainty this will cause,” Hudson said of the data breach, also adding, “Our customers trust us with their personal information and we take that responsibility seriously."
Also worth noting is that the hacker said that they did not access the frequent accounts or customer passwords, PIN numbers, or login details, reported Reuters.