Qantas customers impacted by the recent cyber-attack on the national carrier’s contact centre will soon be able to see how much of their data is stored on the compromised system.
In an email to customers today (July 9), the airline stated “to provide Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the comprised system once you are logged in your account”.
“We expect this capability will be available from later this week,” the email stated.
Qantas Group Chief Executive Officer Vanessa Hudson said today’s email outlined to customers the specific personal data fields accessed through the breach.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Ms Hudson said.
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
She said since the incident Qantas had put in place a number of additional cyber security measures to further protect customer data and were continuing a review into the incident.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police.”
Ms Hudson said there was no evidence that any personal data stolen from Qantas had been released.
She said it had been reconfirmed that no credit card details, personal financial information nor passport details were stored in the system.
“There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and login details were not accessed or compromised.
“The data that was compromised is not enough to gain access to these frequent flyer accounts.”
Ms Hudson said after removing duplicate records, the investigation had found that there were 5.7 million unique customers’ data held in the system.
“Specific data fields vary from customer to customer.”
She said the analysis of customers’ personal data had found:
- 4 million customer records are limited to name, email address and Qantas Frequent Flyer details. Of this:
- 1.2 million customer records contained name and email address.
- 2.8 million customer records contained name, email address and Qantas Frequent Flyer number. The majority of these also had tier included. A smaller subset of these had points balance and status credits included.
- Of the remaining 1.7 million customers, their records included a combination of some of the data fields above and one or more of the following:
- Address: 1.3 million. This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
- Date of birth: 1.1 million.
- Phone number (mobile, landline and/or business): 900,000.
- Gender: 400,000. This is separate to other gender identifiers like name and salutation.
- Meal preferences: 10,000.
Customers can access a 24/7 support line on 1800 971 541 or +61 2 8028 0534.
