Qantas says customer data released by cyber criminals months after cyber breach

SYDNEY: Australia’s Qantas Airways said on Sunday that it was one of the companies whose customer data had been published by cybercriminals after it was stolen by a hacker in a July breach of a database containing the personal information of the airline’s customers.

The airline said in July that more than a million customers had sensitive details such as phone numbers, birth dates or home addresses accessed in one of Australia’s biggest cyber breaches in years.

Another four million customers had just their name and email address taken during the hack, it said at the time.

The July breach represented Australia’s most high-profile cyberattack since telecommunications giant Optus and health insurer Medibank were hit in 2022, incidents that prompted mandatory cyber resilience laws.

On Sunday, Qantas said in a statement that it was “one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July, where customer data was stolen via a third party platform”.

“With the help of specialist cyber security experts, we are investigating what data was part of the release,” it said.

“We have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties,” the airline added.

Hacker collective Scattered Lapsus$ Hunters is behind the Qantas data release, which occurred after a ransom deadline set by the group passed, the Guardian Australia news site reported.

Qantas declined to comment on the report.

Recently, Britain’s biggest carmaker, Jaguar Land Rover (JLR), said on Tuesday some factories would restart manufacturing on Wednesday after an almost six-week shutdown following a cyberattack, one of the country’s most disruptive hacks.

To try to help smaller parts suppliers who have been pushed to the brink after weeks without business, JLR also announced it would be providing some companies with up-front cash for parts during the production restart phase.

The economists had warned of the impact of a prolonged shutdown on the country’s manufacturing output.

HIGH PROFILE HACKS

JLR was the latest high profile cyberattack target in Britain this year, and comes after one of the country’s major retailers Marks & Spencer lost about 300 million pounds (about $400 million) after a breach forced it to shut down its online shop for two months.

The incidents highlight the vulnerability of global business to increasingly sophisticated and more frequent attacks. Last month, a ransomware attack on check-in services left passengers stranded across major European airports.

JLR, which analysts estimated was losing around 50 million pounds per week from the shutdown, was provided with a 1.5 billion pound loan guarantee by the British government in late September to help it support its suppliers.

Business minister Peter Kyle said in a statement on Tuesday that his focus was on helping JLR resolve the incident and supporting the long-term health of the auto supply chain, which supports over 180,000 manufacturing jobs.

“This is very welcome news for workers and suppliers, but I know many are still under pressure, particularly further down the supply chain,” he said.

PHASED RESTART

JLR said in a separate statement on Tuesday that for the three months to September 30, wholesale and retail volumes dropped 24.2% and 17.1%, respectively, reflecting the impact of the production stoppage, plus the planned wind down of legacy Jaguar models and the effect of U.S. tariffs.

“It has been a challenging quarter for JLR,” JLR CEO Adrian Mardell said in a statement.

JLR said its engines and battery units would restart work on Wednesday, as well as parts of its vehicle production plant including its body and paint shops, meaning the return of some of its 33,000 staff to work.

Production lines for the Range Rover and Range Rover Sport vehicles at its main factory in Solihull will start later this week, the company added.

Qualifying suppliers of parts used in the company’s just-in-time production lines will now be paid shortly after the point of order, JLR said, compared to a previous 60-day post-invoice arrangement, helping to allay fears that some smaller businesses could go bust.