Just ask Qantas Airways, Australia’s flagship airline, which last week announced a record full-year profit of $1.6 billion. This financial success is deeply threatened by a travesty. After a major cyber attack in July, the quadricycle-sharing company admitted personal information of 5.7 million customers had been compromised. The breach took place over the weekend, which understandably left many customers feeling frustrated and angry. It has caused alarm over the airline’s communication tactics and its overall cybersecurity practices.
The hacktivist group Scattered Lapsus$ Hunters claimed credit for the breach. They did not receive the full ransom they first demanded from Qantas. As this leaked data was particularly sensitive, customers began taking preventive actions, like signing up for identity monitoring services. Despite the severity of the situation, many customers, including Ebe Ganon, expressed disappointment over Qantas’s lack of direct communication regarding the incident.
Customer Frustration Over Communication
Ebe Ganon, one of the impacted Qantas customers on the line, expressed her growing ire with the airline’s apology. Yet, despite this breach, she noted that she had not received any form of direct communication from Qantas explaining what happened.
“And as of this morning, I still haven’t had any communication directly from Qantas about what’s happened.” – Ebe Ganon
Ganon expressed her disgust even more, saying that the airline’s lack of communication with its customers made things even worse.
“Every single time there’s been a development in this story, I’ve heard it from the media.” – Ebe Ganon
She championed the challenges consumers face who have few or no choices when selecting travel providers.
“And that’s really frustrating as someone who often doesn’t have a lot of choice around the provider that I use when I travel.” – Ebe Ganon
Cybersecurity Concerns and Legal Implications
Forensically analysing the impact of this data breach, including transparency around what it means for Qantas’s approach to cybersecurity practices generally. Matt Warren, director at the Centre of Cyber Security from RMIT University, stated that Qantas must prioritize security measures over shareholder profits.
“The key lesson is to prioritise security over trying to maximise profits for shareholders.” – Matt Warren
Warren further emphasized how troubling the nature of this data breach is. It conveniently included personally identifiable information such as names and birth dates, allowing for more advanced scamming attempts specifically aimed at affected persons.
“It is serious because it contains what is called personally identifiable information … like your name, your date of birth,” – Matt Warren
Legal expert Michael Park opined on Qantas’s impending liability under Australian privacy law. Most importantly, he pointed out that it’s still not really clear if the airline even violated any privacy principles as required by the law.
“The threshold question will be whether Qantas has breached any of the Australian privacy principles under the privacy act.” – Michael Park
Steps Taken by Customers and Future Implications
Given the data breach, dozens of affected customers are already doing what they can to protect themselves. Ganon, left disappointed after learning she has to purchase monthly identity-monitoring services. This decision makes her financial burden heavier and makes her anxiety grow.
“At this point, my only options are really to pay for monthly identity monitoring myself, and that in itself is costly; it’s also quite anxiety-provoking.” – Ebe Ganon
Experts are calling for any fines levied on Qantas to be hefty. Through such consequences, they hope to instill important lessons to not only the airline in question, but the broader industry about their cybersecurity responsibilities. In her remarks, Warren expressed dismay at the prospect of a forthcoming “second wave of scams,” preying on people with stolen information.
“The problem is it’s hard to change your name, you can’t change your date of birth, so what the worry is that there will be a second wave of scams.” – Matt Warren
To this day, Ebe Ganon and other customers are still dealing with the fallout from this breach. Their struggles underscore the imperative for corporations to be held responsible for protecting consumer data.
