SYDNEY: Australian airline Qantas said on Sunday that data from 5.7 million customers stolen in a major cyberattack this year had been shared online, part of a leak affecting dozens of firms.
Disney, Google, IKEA, Toyota, McDonald’s and fellow airlines Air France and KLM are also reported to have had data stolen in a cyberattack targeting software firm Salesforce, with the information now being held to ransom.
Salesforce said this month it was “aware of recent extortion attempts by threat actors.”
Qantas confirmed in July that hackers had targeted one of its customer contact centres, breaching a computer system used by a third party now known to have been Salesforce.
They secured access to sensitive information such as customer names, email addresses, phone numbers and birthdays, the blue-chip Australian company said. No further breaches have taken place since and the company is cooperating with Australian security services.
“Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July, where customer data was stolen via a third party platform,” the company said in a statement.
Most of the data leaked was names, email addresses and frequent flyer details, the firm said. But some of the data included customers’ business or home address, date of birth, phone number, gender and meal preferences. “No credit card details, personal financial information or passport details were impacted,” Qantas said.
It also said it had obtained a legal injunction with the Supreme Court of New South Wales, where the firm is headquartered, to prevent the stolen data being “accessed, viewed, released, used, transmitted or published.”
Cybersecurity expert Troy Hunt told AFP that would do little to prevent the spread of the data. “It’s frankly ridiculous,” he said.
“It obviously doesn’t stop criminals at all anywhere, and it also really doesn’t have any effect on people outside of Australia.”
