Two third-party contractors in India have stolen the frequent flyer points of hundreds of Qantas customers.
The national airline also confirmed to the Daily Telegraph that some customers’ passport data may have been accessed in cyber theft involving staff at an Indian ground handling company.
In a statement to Daily Mail Australia, a Qantas spokesperson apologized to the 800 customers who had been caught up in the fraudulent activity, which has affected several other airlines.
“This was not a cyberattack or data theft, but rather the case of two dishonest employees of one of our suppliers who abused their position to fraudulently steal frequent flyer points,” he said.
‘Activity stopped in August, affected bookings were remedied and points were returned to our members.
‘We are not aware of any current reservations being affected. Police investigation in India is ongoing.’
The two contractors worked for India SATS, a joint venture between India’s leading airline and SATS, Singapore’s largest ground handling company.
They have been suspended by their employer for inappropriate conduct, which involved accessing and making unauthorized changes to customer reservations.
Qantas apologizes to customers for theft of frequent flyer points by Indian contractors
Qantas uses India SATS as its ground handler in India, meaning its staff would have access to the airline’s flight bookings.
Qantas said the changes were made using other airlines’ reservation systems and that it had worked with these partner airlines to harden any vulnerabilities in the system.
It said these vulnerabilities were never present in Qantas’ ‘Manage Your Booking’ or Qantas Frequent Flyer systems.
Its spokesperson said that to ensure this type of access to customer account details does not happen again, airline partners have restricted the ways in which frequent flyer details can be changed.
For Qantas, this now means calling the contact center and verifying your identity.
The spokesperson said there has been no further unauthorized activity since the initial breach.
“As soon as we became aware of this, we worked closely with our airline partners to protect their systems and prevent this issue from occurring again,” the spokesperson said.
“Customers have received the full amount of points and status credits they were entitled to for their trip.”
The computer scandal came to light in The Australian after a Qantas customer in Sydney complained their account had been hacked and the airline had not been held responsible for the breach.
Qantas says frequent flyer customers have had their points returned after breach
Other Qantas customers have since claimed the same thing happened to them.
None have received any information from the airline, according to The Australian.
The customers who had their names and frequent flyer numbers stolen were reportedly not flying to India and had booked directly with the airline flying Qantas flights.
There is speculation that the IT breach could involve other airlines within the 15-airline Oneworld alliance.
The latest blow to Qantas comes amid reports that former chief executive Alan Joyce is arming himself with high-powered PR agents ahead of the release of his upcoming book The Chairman’s Lounge: The Inside Story of How Qantas Sold Us Out.
Joyce reportedly received $3.4 million in his final three months at Qantas, $14.9 million in his last full year and about $125 million during his tenure.
