Qantas breach exposes users' booking details via its app, revealing major security flaws. The incident underscores the need for stronger cybersecurity measures across the airline industry.
Qantas Airlines is currently investigating an incident where customers reported gaining unauthorised access to other passengers' personal information via the airline's app. The issue was first reported earlier today, prompting an immediate response from the airline.
"We are investigating reports of an issue impacting the Qantas app this morning," stated a Qantas spokesperson. "We will provide more information as soon as possible."
Several passengers have expressed their concerns, with one stating to the ABC,
"I have access to the booking details, QFF numbers, status, and boarding passes of people I don’t know. Logging out and back in does nothing."
Another alarmed user reported, "I was able to access full booking details, including the ability to cancel someone’s flight to Europe."
These reports indicate that each time the app is opened, some users see a different account, hinting at a significant breach in the app's security protocols.
This cybersecurity lapse at Qantas is not an isolated event in the airline industry. In April 2023, American Airlines and Southwest Airlines also faced data breaches.
Personal details of over 8,000 pilot applicants were stolen due to a breach at Pilot Credentials, a recruitment software provider. The affected companies were notified of the breach in May and have only recently begun notifying impacted individuals.
The ongoing cybersecurity challenges faced by global airlines highlight the escalating threats from sophisticated cyber attackers who target essential infrastructure.
This reality emphasises the critical need for improved education on cybersecurity, as well as crisis management and leadership training at the executive level.
In the past twelve months, numerous forums and conferences have prioritised discussions on cybersecurity, prompted by major incidents in 2022 and early 2023 that impacted millions, including breaches at Optus, Medicare, and Latitude.
For organisations, especially those like Qantas that provide essential services, it is crucial to develop crisis management strategies that incorporate critical cyber insights.
Such strategies will strengthen their systems against breaches, safeguard personal information, and help maintain public trust.
As Qantas continues to investigate and address this breach, CNC News will keep you updated with the latest developments on this story and other related cybersecurity concerns in the airline industry.
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
This week, the cybersecurity world is in turmoil following a massive data breach at National Public Data. The breach, involving 2.9 billion records, has exposed sensitive information spanning decades.
A major cyberattack that led to a significant Microsoft Azure outage, a high-stakes prisoner swap involving Russian cybercriminals and U.S. journalists, and Google's urgent patching of an Android zero-day vulnerability.
We cover the extensive supply chain disruptions affecting logistics, airlines, and transport worldwide. Additionally, we examine the financial impact on CrowdStrike’s stock price and the ensuing reactions from financial markets and analysts.
