Qantas Airways is in the midst of a cybersecurity emergency. According to the airline, it is currently looking into a data breach that has affected hundreds of other businesses worldwide. The breach affected passengers’ personal details, including names, credit card information, passport numbers and addresses. They pointed fingers at Salesforce, their third-party platform provider, as the cause of the incident. This event has caused serious alarm over the safety of consumer information and risk of identity theft.
The hacking group responsible for the breach has sent an ultimatum. They plan to release Qantas customer data publicly if Salesforce does not pay an undisclosed ransom by 3 PM AEDT Saturday. Surprisingly, Salesforce has publicly opposed the request. It is this refusal that led the hacking group to assert that they released the data earlier that day. The six files with Qantas customer data were published publicly without notice using a file-sharing service, shocking those impacted even more.
In a statement, a Qantas spokesperson indicated the seriousness of the situation: “With the help of specialist cyber security experts, we are investigating what data was part of the release.” The airline is under pressure to ascertain the full extent of the breach and how it might impact its customers.
Microsoft Regional Director and cybersecurity expert Troy Hunt has been on the receiving end of a breach. He cautions particularly against the grave threats the pilfered data might present. He sounded alarm bells that Qantas data could be used for more targeted identity theft attacks. Yet it is in both the airline’s and customer’s best interest to remain watchful.
“There’s absolutely no putting the genie back in the bottle.” – Troy Hunt
Hunt specifically noted the evolving nature of cyber adversaries. He descried that hackers have gone beyond ransomware as we once knew it and are executing worse attacks in order to compromise confidentiality. Reducing the fiscal space This trend adds to the burden for companies such as Qantas. What excellent companies are experiencing aren’t just growing pains but rather predatory extortion attempts with no easy resolution.
“It’s not just on the dark web, it’s all over the clear web,” – Troy Hunt
The ramifications of such a breach go far beyond the immediate monetary theft. Hunt added that data moves around in a completely different online ecosystem today. That said, Qantas’s ability to protect sensitive customer information could be impacted for many years to come. He shared how the need to bias for action is real in today’s landscape, and organizations are being pressured to make the hard decisions on paying ransoms.
“We’re now in a position where someone’s saying ‘send us money, we’ll delete all the data, honest promise’,” – Troy Hunt
The hacking group’s claims raised alarms to a new level. They threatened future victims that they should do what they were told, or face becoming a major news story. They threatened that if the ransom wasn’t paid, they would release sensitive data to the public.
Customers shouldn’t be wondering if their personal information is safe while Qantas holds its investigation into what happened. The airline must take swift action to restore trust among its clientele and address any vulnerabilities in its data management practices.
