Massive privacy breach rocks Qantas – what you need to know if you’ve flown with the airline before
Hundreds of Qantas customers have had their frequent flyer points stolen by two third-party contractors in India.
The national airline also confirmed this to the Daily Telegraph that some customers’ passport details may have been accessed in the cyber theft involving staff from an Indian ground handling company.
In a statement to Daily Mail Australia, a Qantas spokesperson apologized to the 800 customers involved in the fraudulent activity, which has affected several other airlines.
“This was not a cyber hack or data theft, but a case where two rogue employees of one of our suppliers abused their position to fraudulently steal frequent flyer points,” he said.
‘The activity was stopped in August, the affected bookings were resolved and the points were returned to our members.
‘We are not aware of any current bookings being affected. The police investigation in India is still ongoing.”
The two contractors worked for India SATS, a joint venture between India’s top airline and SATS, Singapore’s largest ground handling company.
They have been suspended by their employer for inappropriate conduct, accessing and making unauthorized changes to customer bookings.
Qantas has apologized to customers for the theft of frequent flyer points by Indian contractors
India SATS is used by Qantas as a ground handler in India, meaning staff have access to the airline’s flight bookings.
Qantas said the changes were made using other airlines’ booking systems and that it has worked with these partner airlines to address any system vulnerabilities.
It said these vulnerabilities were never present in Qantas’ ‘Manage Your Booking’ or Qantas frequent flyer systems.
The spokesperson said partner airlines have limited the ways in which frequent flyer data can be changed to ensure this type of access to customer account data does not occur again.
For Qantas, this now means calling the contact center and verifying your identity.
The spokesperson said no unauthorized activity has occurred since the initial breach.
“As soon as we became aware of this, we worked closely with our airline partners to secure their systems to prevent this issue from happening again,” the spokesperson said.
“Customers have received the full number of points and status credits they were entitled to for their trip.”
The IT scandal came to light The Australian after a Qantas customer in Sydney complained that her account had been hacked and that the airline had failed to take responsibility for the breach.
Qantas says frequent flyer customers have had their points refunded following the breach
Since then, other Qantas customers have claimed the same thing happened to them.
No one has received any information from the airline, according to The Australian.
The customers who had their names and frequent flyer numbers stolen were reportedly not flying to India and had booked directly with the airline that flew Qantas flights.
There is speculation that the IT breach may also involve other airlines within the 15-airline alliance.
The latest blow to Qantas comes amid reports that ex-CEO Alan Joyce is arming himself with powerful PR agents ahead of the release of forthcoming book The Chairman’s Lounge: The Inside Story of How Qantas Sold Us Out.
Joyce reportedly received $3.4 million in his last three months at Qantas, $14.9 million in his last full year and around $125 million during his tenure.