Qantas cyber attack: Culprits and motive unknown

A major Australian airline will soon be able to tell the six million customers whose data was stolen by cyber criminals exactly what type of personal information was harvested.

In an update on Friday, Qantas also said the group believed responsible for the incident remained unclear and that it had not received a ransom request.

The hack, revealed earlier this week, occurred on a third-party system used by a call centre working for Qantas.

Sensitive data such as credit card details, personal financial information, passport details and Qantas Frequent Flyer accounts were not exposed.

But millions of customers did have names, dates of birth, and email addresses stolen.

Asked by 1News whether any New Zealanders were affected, the airline would only say the "majority" of affected customers were in Australia.

Qantas next week will contact customers individually to tell them exactly what type of personal data was "contained in the system" or compromised.

"I want to apologise again for the uncertainty this has caused," chief executive Vanessa Hudson said in a statement.

"We're committed to keeping our affected customers informed with regular updates as our investigation progresses."

Qantas, which continues to work with the government authorities to investigate the incident, reaffirmed that there has been no further threat in the system and that it remains secure.

Multiple cyber experts believe the group responsible for the attack is called Scattered Spider, a cabal of young cyber criminals living in the US and the UK.

The US Federal Bureau of Investigation recently warned that the group was targeting the airline sector by impersonating legitimate users to bypass multi-factor authentication and access systems.

Airlines such as America's Hawaiian Airlines and Westjet have faced cyber attacks in the past fortnight.

Qantas has rolled out additional security measures to counteract any more potential threats and increase detection.

These include more security measures for frequent flyer accounts by introducing "additional identification" for account changes.

"We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems," Hudson said.

"Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively."

Qantas also warned scammers are already impersonating the airline in the wake of the attack and told customers to be vigilant.

The airline will never contact customers requesting passwords, booking reference details or sensitive login information.

"If customers do receive any suspicious emails, text messages or calls from someone purporting to be Qantas you can report this via our dedicated support line, Scamwatch, or contact local authorities," it said.

In the wake of the hack, Qantas has received more than 5000 customer enquiries.

Meanwhile, legal experts suggest the incident could lead to a class action against Qantas, after compensation claims were made against Optus and Medibank after major breaches in 2022.