Tech support scam caused massive data breach at Australian airline Qantas

https://image.theregister.com/238616.jpg?imageId=238616&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

It’s possible to leak PII describing 5.7 million people without breaching privacy rules

Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers.

The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today.

Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket.

Those actions instead connected the CRM to a data extraction tool which the crooks used to siphon off customer records.

...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more