The IT Nerd

Qantas has confirmed receiving an extortion attempt tied to the June 30 cyberattack on a third-party call center platform that held records for 6 million customers. Compromised data includes names, contact details, dates of birth, and frequent flyer numbers. Qantas reports no breach of its internal systems, no impact on operations, and no compromise of financial or passport data. The company is working with law enforcement and has seen no signs the stolen data has been publicly leaked. It also warns customers about phishing attempts by scammers impersonating Qantas.

Akshay Srinivas, Director of Solutions Architecture, Radiant Logic had this to say: 

“The Qantas breach highlights a growing risk in modern enterprise security: indirect exposure through third-party platforms that handle sensitive identity data. While the core systems remained unaffected, the call center’s access to millions of customer records is a clear indication that there are ungoverned accounts that become a strong threat vector. This underscores the need for full visibility into who has access to what data across both internal and external environments. Organizations must treat third-party identity relationships with the same scrutiny as internal ones, enforcing least privilege, auditing access continuously, and unifying identity data to spot overexposure early. Without that observability, the boundary between internal security and third-party risk becomes dangerously porous.”

Third party hacks are a real problem. That requires some urgent action to ensure that not only are organizations secure, but everyone that they depend on are as well. Otherwise it won’t end well from anyone.

This entry was posted on July 8, 2025 at 12:24 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.