By Nassim Khadem and Rhiana Whiston, ABC
Photo: WILLIAM WEST/AFP
The Qantas chief executive says the airline takes cybersecurity breaches "incredibly seriously" and has apologised to more than 6 million customers who received a personalised email on Wednesday, informing them that cybercriminals had broken through the company's defences.
"What I would first like to say is acknowledge the impact to all our customers and, first and foremost, I'd like to apologise to them," Vanessa Hudson said in an interview with Channel Seven in Athens overnight.
"I know this data breach is a serious concern. I know the stress that it has created for many, many millions of customers.
"And so, right up front, I want to say we take this seriously and we are going to do everything that we can to communicate transparently."
Hudson said the breach occurred when a cybercriminal infiltrated one of the airline's call centres and accessed a service platform that enabled them to get access to customer data.
She said the criminals accessed "principally customer names, also phone numbers and frequent flyer numbers as well".
"That is something that we are very concerned about and we are absolutely doing everything that we can to rectify this situation," she said.
"What I can also say, though, is that that the threat has been contained and the systems are now secure, and our number-one focus is to support customers through this process."
Hudson said the airline communicated with its customers "as quickly as possible" and it was being transparent.
Qantas chief executive Vanessa Hudson. Photo: AFP / Qantas
"I take absolute responsibility for the event that has occurred. As soon as I heard about it, I have focused on it basically 24/7," she said.
"Part of the steps that we're taking [involves being] ... really transparent with customers, but then also obviously next week we'll be following up and giving our customers the information that they need to understand how the specific data pertaining to them has potentially been breached in this."
Qantas says cybercriminals getting more sophisticated
Hudson said the company had invested "tens of millions" of dollars in cyber security and "that's been increasing year on year" but criminals were getting more sophisticated.
"We take cybersecurity incredibly seriously, and we have got absolute focus right across our organisation, from training to system controls to system alerts in this instance," she said.
"Unfortunately, the cybercriminal was able to get through."
Hudson said Qantas was now working with the federal government to "investigate this right through to the end".
"These are criminal cybercriminals and we have involved the AFP and we've involved the government cybersecurity team," she said.
She noted the cybercriminals did not get access to customers' passport information, credit card information or password information.
"Your frequent flyer accounts, from a customer perspective, are secure," she said.
"We have not had passport information breached. We have not had credit card information breached and we have not had password information breached."
Airline building defences against future breaches
Hudson said Qantas had provided "significant training" to employees but cybercriminals were getting more apt at breaching security measures.
"We are going to learn from this. We are going to do a full investigation," she said.
Hudson said the airline had now "strengthened and increased controls" and would continue to build its defences against future breaches. But she said the reality for all organisations was "we live in a world where our cybercriminals are global".
"They [cyber criminals] are good at what they do. They are constantly innovating in terms of what we do. And so that is why we are constantly going to be improving our systems as we go forward as well."
The company's reputation has been battered in recent years. That has included coping penalties for misleading customers by selling tickets on flights that had already been cancelled.
Former Qantas CEO Alan Joyce also faced heat in parliamentary hearings over rising profits and airfares despite growing customer dissatisfaction.
Asked whether the cyber breach would further dent the airline's standing with customers, Hudson said "trust is something that is earned" and "comes from being up-front and transparent and that is what we are doing".
"In this event, we have communicated to customers as soon as we knew."
-ABC
