Qantas confirms technology issue caused data breach that exposed personal information of customers

Qantas confirms technology issue caused data breach that exposed personal information of customers
  • PublishedMay 4, 2024

Qantas has confirmed that a technology issue was to blame for a glitch affecting its app that allowed customers to view the personal details of other travellers in an apparent privacy breach.

Members of Qantas’ Frequent Flyer program reported being able to see the names and booking information of other passengers in the Qantas App on Wednesday, with some customers being able to view the points balance and status of travellers.

At the time, Qantas said there was “no indication” that the issue was caused by a “cyber security incident”, and was investigating whether “recent system changes” were the possible cause of the glitch, which was resolved by Wednesday evening.

In an email sent to members of its frequent flyer program on Friday afternoon, the airline confirmed the incident was caused by a “technology issue”.

“We have now identified the root cause and can confirm that this was a technology issue, and there is no evidence of a cyber incident,” it said.

“Qantas takes the security and privacy of our customers’ data seriously and we want you to know that we have done everything we can to fully understand what went wrong so we can prevent it happening again.

“We will contact you directly if we determine that your sensitive travel information has been incorrectly displayed to another person.”

The ABC understands that the incident was caused by a caching issue, which resulted in the incorrect information updating on passengers’ apps.

In computing, caching refers to storing copies of frequently accessed data in a location that ensures it is readily available.

A screenshot of an email explaining why Qantas experienced an issue with its app and that it apologises to customers.
Qantas confirmed that it was a technology issue in an email to its Frequent Flyer members.(Supplied)

Glitch comes weeks after loyalty upgrades

On Wednesday, Qantas confirmed that the issue was isolated to the Qantas App, and customers were unable to access personal or financial information, and would have not been able to board flights with the incorrect boarding passes.

However, Mark Gregory from RMIT said the issue was a serious breach.

“I consider the data breach with the Qantas App to be a major data breach,” Dr Gregory said.

“It demonstrates that Qantas has failed to ensure that the upgrades or the updates to the systems and hardware were carried out in a way that would not permit the data breach to occur.

“It indicates that there’s an ongoing problem with the way corporate Australia interacts with their customers and secures customer data.”

The Office of the Australian Information Commissioner (OAIC) confirmed on Wednesday that Qantas had notified it of the issue, and urged the airline to investigate the incident.

“If it’s a data breach that is likely to result in serious harm, they must notify the people affected and the OAIC as quickly as possible,” it said.

The glitch affecting the Qantas app came less than four weeks after the airline unveiled an expansion to its frequent flyer program.

Qantas launched its “Classic Plus Flight Rewards” scheme on April 8, touting it as a “new way for members to use their Qantas Points to book flights” and making it easier for frequent flyers to travel to more destinations using points.

People with suitcases using computer terminals at an airport with a Qantas sign behind them
Qantas said it will contact customers directly if their travel information was shared with other travellers.(ABC News: Evelyn Manfield)

At the time, Qantas CEO Vanessa Hudson said the expansion gave frequent flyers more ways to use their points, and more ways to accrue them.

“The Qantas Frequent Flyer program is an integral part of Qantas and has always been about recognising our customers for their loyalty. We’ve spent a lot of time listening to members about how we can better reward them,” she said last month.

Qantas last updated its app for Apple devices on April 10, and Android devices on April 7, which boasted “a new look and feel for easier navigation and membership management” that featured a “new activity snapshot displaying your points balance and status credits”.

The full scale of the incident involving the Qantas App, including the number of customers impacted by it, remains unclear.


Leave a Reply

Your email address will not be published. Required fields are marked *