However, Qantas has emphasized that there is no evidence that the passport data has been misused.
This breach was not a result of a cyberattack but rather an instance of insider fraud. Employees of India SATS, using a partner airline’s system, changed frequent flyer details, funneling the earned points into an account they controlled. Following the breach, Qantas promptly suspended the contractors involved, restored customers’ points, and fixed the altered bookings.
Qantas reassured its customers that it has implemented new restrictions on accessing bookings to prevent a similar incident in the future. It also clarified that this was not a technical hack, but rather a case of “rogue employees” abusing their position.
A spokesperson for Qantas further stated that they are unaware of any current bookings being affected by this incident and that an ongoing police investigation is in place.
The breach has raised concerns about other airlines in the Oneworld Alliance potentially being affected. However, Qantas has not confirmed any involvement of other airlines in the scandal. Despite the breach, the airline continues to assert that this was an isolated incident tied to two contractors abusing their access.
This breach follows another Qantas security issue earlier in 2024, when a technical error in the MyQantas app gave customers access to other users’ accounts.
While there was no cyberattack involved, the error allowed some customers to view booking information, frequent flyer points, and boarding passes of other users. Qantas promptly fixed the issue and reassured its customers that no financial information was compromised.
In both cases, Qantas has emphasized the importance of security and quickly worked to remedy the problems.
As cybersecurity threats continue to evolve, the airline is working to strengthen its internal systems and access controls, protecting customer data from potential breaches, whether caused by technical errors or human misconduct.
