[BreachExchange] Qantas data breach reveals customer details
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Apr 4 20:28:05 EDT 2017
https://www.crikey.com.au/2017/04/04/qantas-passenger-
views-other-passenger-details-in-data-breach/
Qantas customers’ personal data has been compromised after a data breach
revealed the names, seat numbers and frequent flyer numbers of eight
passengers to another passenger looking at the Qantas check-in app on
Thursday. The app, which was used to check in for a flight between Newman,
Western Australia, and Perth, showed the length of the flight and that a
snack or brunch would be available, but the Qantas passenger was shocked to
be able to see details for other passengers.
Qantas does not believe the incident should be considered a data breach, as
the incident occurred when a group booking was made by one of the major
mining companies. Usually workers with flights booked by the mining
companies don’t see details belonging to other passengers. A Qantas
spokesperson said the airline took security matters seriously.
It is not the first time Qantas customer details have been shared with
others. In January, an email sent to customers flying out of Melbourne
warned of traffic delays on the Tullamarine Freeway included surnames and
booking references of other passengers.
It is unclear how many customers saw other passengers’ data, or how many
people were booked on group bookings with such data available.
Other major Australian companies have had issues with customer data
breaches. In 2012, major bank NAB mistakenly sent details of 60,000
customers to the owner of nab.com (who also owns a series of adult
websites) — the bank uses nab.com.au. The data breach was only revealed
this year. The Privacy Commissioner is also investigating the sale of
personal details of Australian customers of Optus, Telstra and Vodafone.
Last month the government passed laws that make it mandatory for government
agencies and businesses with turnover of more than $3 million to notify
individuals affected by data breaches that could cause serious harm. The
Notifiable Data Breach system will come into effect in February next year,
and it includes breaches as a result of hacking as well as mistaken
releases of information.
Qantas appointed its first chief information security officer, Darren
Argyle, last month.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170404/808ee50b/attachment.html>
More information about the BreachExchange
mailing list