Initially, Qantas stated that there was no indication of a cyber security incident and suggested that recent system changes might have been the cause of the glitch. However, in an email sent to frequent flyer members on Friday afternoon, the airline confirmed that the incident was indeed caused by a technology issue.
Qantas has acknowledged that a recent glitch in its app, which allowed customers to view the personal details of other travellers, was caused by a technology issue rather than a cyber security incident. The breach, which occurred on Wednesday, enabled members of Qantas’ Frequent Flyer program to access the names, booking information, points balances, and status of other passengers.
“We have now identified the root cause and can confirm that this was a technology issue, and there is no evidence of a cyber incident,” the email read. “Qantas takes the security and privacy of our customers’ data seriously and we want you to know that we have done everything we can to fully understand what went wrong so we can prevent it happening again.”
The airline further assured customers that they would be contacted directly if their sensitive travel information had been incorrectly displayed to another person. The ABC has learned that the incident was likely caused by a caching issue, which resulted in incorrect information being updated on passengers’ apps. Caching refers to the practice of storing copies of frequently accessed data in a location that ensures it is readily available, but in this case, it appears to have led to the privacy breach.
On Wednesday, Qantas emphasized that the issue was isolated to the Qantas App and that customers were unable to access personal or financial information or board flights with incorrect boarding passes. However, Mark Gregory, an expert from RMIT, considers the incident to be a serious breach.
“I consider the data breach with the Qantas App to be a major data breach,” Dr Gregory stated. “It demonstrates that Qantas has failed to ensure that the upgrades or the updates to the systems and hardware were carried out in a way that would not permit the data breach to occur. It indicates that there’s an ongoing problem with the way corporate Australia interacts with their customers and secures customer data.”
The Office of the Australian Information Commissioner (OAIC) confirmed that Qantas had notified them of the issue and urged the airline to investigate the incident thoroughly. “If it’s a data breach that is likely to result in serious harm, they must notify the people affected and the OAIC as quickly as possible,” the office stated.
The glitch in the Qantas app occurred less than four weeks after the airline announced an expansion to its frequent flyer program, introducing “Classic Plus Flight Rewards.” The new scheme was promoted as a way for members to use their Qantas Points to book flights more easily and travel to more destinations using points. Qantas CEO Vanessa Hudson had emphasized the importance of the frequent flyer program in recognizing customer loyalty and rewarding members.
Qantas had recently updated its app for both Apple and Android devices, boasting a new look and feel for easier navigation and membership management, along with a new activity snapshot displaying points balances and status credits. However, the full extent of the privacy breach, including the number of customers affected, remains unclear at this time.
As Qantas works to address the technology issue and prevent similar incidents from occurring in the future, the airline faces the challenge of reassuring customers that their personal data is secure and that proper measures are in place to protect their privacy. The incident serves as a reminder of the importance of robust data security practices and the need for companies to prioritize the protection of customer information in an increasingly digital world.
Moving forward, Qantas will need to demonstrate transparency and proactively communicate with affected customers to maintain trust and loyalty. The airline must also work closely with the OAIC and other relevant authorities to ensure that all necessary steps are taken to mitigate the impact of the breach and prevent future incidents.
As the investigation continues and more details emerge, it is crucial for Qantas to learn from this experience and strengthen its data security protocols. By doing so, the airline can not only protect its customers’ privacy but also safeguard its reputation as a trusted and reliable carrier in the highly competitive aviation industry.