Qantas escapes formal OAIC probe over 2025 vishing breach

By
Follow google news

No failings by airline to protect personal information.

Qantas will not face an investigation by the Office of the Australian Information Commissioner (OAIC) for the June 2025 data breach that saw millions of the airline's customer records allegedly taken by hackers associated with the Scattered Spider, Lapsus$ and ShinyHunters groups.

Qantas escapes formal OAIC probe over 2025 vishing breach

OAIC and Privacy Commissioner Carly Kind concluded "preliminary inquiries" into the breach, which affected around 5.12 million Australians.

Kind considered whether or not the airline had contravened Australian Privacy Principles 1, 8 and 11 which cover management, cross-border disclosure and security of personal information.

The commissioner found Qantas had taken steps to address these risks and acted quickly to contain the breach and alert the public.

The incident occurred through a social engineering technique called vishing.

An unnamed threat actor impersonating "Qantas IT help" contacted the airline's call centre.

The agent was tricked into connecting a customised version of Salesforce's Data Loader tool to the customer relationship management platform used by Qantas, which enabled mass data extraction.

Data taken in the Qantas breach included mainly personal information and frequent flyer information.

The privacy commissioner's findings are provisional and may not let Qantas off the hook permanently, as the regulator maintains the discretion to open a formal investigation at a later stage.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?