As 6 million Qantas customers wait to find out if their data has been impacted by a third-party data breach, Electronic Frontiers Australia’s chair calls upon government and businesses to do more to protect personal data.
Millions of Qantas customers would have found a very unwelcome email in their personal inboxes today, as the national carrier responded to a data breach that may impact up to 6 million people.
While sensitive data such as passport numbers and credit card details have not been impacted by the breach – which many experts are attributing to the Scattered Spider hacking collective – Qantas said some data has been compromised.
“Our initial investigations show the compromised data includes some customers’ names, email addresses, dates of birth and frequent flyer numbers. Importantly, no credit card details, personal financial information and passport details are held in the system that was accessed,” Qantas said in its notification letter.
“No Frequent Flyer accounts, passwords, PIN numbers or login details have been compromised.”
The breached information could lead to a rash of phishing attempts, and frequent flyers with commonly used passwords could well be in danger of further compromise. As is the case with so many similar breaches, even the simplest data can be weaponised by clever criminals.
The news of yet another breach impacting a well-known and trusted Australian brand has prompted the chair of Electronic Frontiers Australia (EFA) to question just how much some companies actually deserve to be trusted.
“When will organisations like Qantas stop boasting about how ‘trusted’ they are and actually pay more attention to the security and safety of the personal data they collect?” John Pane, EFA’s chair, said in the wake of the hack being revealed.
“This means ensuring that Qantas’ customer personal data is appropriately protected, not just in their own hands but also in the hands of any third-party service provider they use to process personal data.”
Pane called upon Qantas to perform “appropriate pre-engagement privacy and security risk assessments of any third-party service provider” and then follow up with regular audits, staying on top of where that data is through every phase of the data life cycle.
“Did this actually happen, and if it did, how robust were those assessments? Or are we looking at a case of another company ‘privacy-washing’ to present the picture of being trustworthy?” Pane said.
“Once again, a ‘trusted’ Australian company suffers another massive data breach in the hands of a ‘trusted’ third-party service provider. Enough is enough!”
Pane called upon the Australian government to pass urgent and overdue reforms to the Privacy Act and “toughen up what is, by any reasonable standard, the existing sub-par security protections”.
“Or should we trust the government, too?” Pane said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.