Last week, Qantas confirmed that a recent breach exposed frequent flyer information, including names, email addresses, phone numbers and dates of birth. The airline stated that credit card numbers, passport details, financial information and passwords were not included in the breach.
Qantas’ chief executive has apologised and said that affected customers will be contacted directly by the airline.
The breach reportedly stemmed from a compromised call centre in Manila. While the full extent of the attack is still being investigated, cybersecurity experts believe it resembles past incidents involving the Scattered Spider ransomware group — the same group behind recent attacks on two US airlines.
Why you should be concerned: social engineering
Even though financial data wasn’t leaked, the exposed personal information can still be used for social engineering attacks.
In a social engineering attack, the attacker uses personal details to impersonate a trusted source, like Qantas or your bank, in order to manipulate you into handing over more sensitive information, such as passwords or bank account numbers. These attacks often come in the form of cold calls, phishing emails, or SMS messages that appear convincing because they contain your real information.
Tell-tale signs of social engineering
Be on the lookout for:
- Unexpected calls or emails claiming to be from Qantas or another trusted brand
- Messages that include your name, date of birth, or membership number
- Requests for passwords, banking details, or security codes
- High-pressure tactics or urgent requests for action
If you receive any suspicious contact:
- Do not provide any personal information.
- Ask for a reference number.
- Hang up and call Qantas using the official number on their website.
Additional risks
Cybercriminals may also try to use your leaked details to bypass identity verification when contacting banks or financial institutions. This could lead to account takeovers or unauthorised access.
Stay vigilant by monitoring your financial accounts, enabling two-factor authentication, and reporting suspicious activity to the relevant provider immediately.