Timeline of Qantas Cyberattack: Communication with Hackers Revealed
Recent documents obtained from the Supreme Court of New South Wales have provided a detailed account of the communication attempts made by the hackers during a significant cyberattack on Qantas. This incident, which impacted millions of Australians, marks one of the most notable data breaches in the country’s recent history.
Initial Breach Notification
Qantas officially announced the compromise of customer data from one of its offshore offices on July 2, following unauthorized access that occurred the previous day, July 1. During this initial phase, the airline was focused on managing the narrative surrounding the breach, emphasizing its commitment to engaging with government authorities and investigating the situation.
In a public update on July 4, Qantas reiterated that until that point, they had not received any communication from the perpetrators. The airline stressed its ongoing efforts to safeguard customer information and collaborate with relevant security bodies.
Hackers Establish Contact
Later on the same day, Qantas received multiple emails from the hackers detailing the scope of the breach. These crucial emails were submitted to the Supreme Court as part of Qantas’ attempts to secure an injunction to prevent the disclosure or distribution of the stolen data.
The hackers sent at least three emails, all titled “[CRITICAL – REPLY] Qantas Airways Limited Databreach/Cyberattack.” Although heavily redacted, these communications revealed the hackers’ identity and outlined their intentions. They stated, “Hello, we are [REDACTED],” asserting their association with the breach, which they claimed to be one of the largest in Australia, comparable to previous incidents involving Optus and Medibank.
Details of the Breach
Within the redacted content, the hackers indicated the number of compromised records and listed the types of information they had accessed, including full names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers. They hinted at possessing further sensitive data and provided a lengthy list, presumably consisting of individual customer records.
Additionally, the hackers issued a 72-hour ultimatum for Qantas to respond, emphasizing the urgency of the situation.
Follow-Up Communication
Despite the hackers’ attempts to establish contact, Qantas did not respond immediately. On July 7, the hackers sent a second email, noting it was their final attempt to resolve the issue amicably. This correspondence was also heavily redacted but appeared to outline potential consequences for Qantas if communication did not ensue.
They reiterated that no information had yet been disclosed or shared and requested that the message be forwarded to an appropriate representative capable of addressing the matter. Another 72-hour deadline was given for Qantas to respond.
Qantas’ Response
Following the second email, Qantas finally reached out to the hackers. Although much of the subsequent exchange remains redacted, it has been disclosed that the airline sent six emails in total after its initial reply, while receiving 11 emails from the hackers. This exchange spanned from July 4 to July 15.
On July 7, Qantas acknowledged communication with a potential cybercriminal but maintained that they could not discuss specifics due to the ongoing legal investigation. The airline committed to keeping customers informed and was actively working alongside several agencies, including the Australian Cyber Security Centre and the Federal Police.
Continued Efforts and Updates
As investigations into the cyberattack continued, Qantas made efforts to notify affected customers, stating they were progressively sending out emails. The CEO, Vanessa Hudson, expressed gratitude for the support from various government agencies and noted that the situation was being handled with utmost seriousness.
Qantas reiterated its dedication to maintaining communication with all stakeholders involved in the resolution of this cyber incident, indicating a commitment to transparency and accountability.
In light of these developments, Cyber Daily has reached out for further comments from Qantas as the situation continues to unfold.
