Qantas contacted by "potential cyber criminal"

Qantas has been contacted by a “potential cyber criminal” following a cyber incident last week, though the airline has so far been unable to verify if the contact is genuine or opportunistic.

In an update posted late Monday, Qantas said it is “working to validate” the contact and any claims made by the unknown person or persons.

“As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the details of the contact,” the airline said.

“There is no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor.

A Manila-based customer service operation was hit last week, with some 6 million customer records stored in an unspecified platform being potentially accessed 

The records contained personal information, but no financial or payment data.

Qantas has also stated that the perpetrators did not gain access to individual frequent flyer accounts or credentials as part of the incident.

The airline is expected to provide an update this week “on the types of their personal data that was contained” in the records.

“This will confirm specific data fields for each individual, which will vary from customer to customer,” Qantas said.

The airline added that some additional security checks had been added to frequent flyer account security.

"Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection," Qantas said.

"This includes additional security measures for Qantas frequent flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes."