Villain or victim? Qantas cyberattack will be a test of customer faith
How Qantas weathers this attack will depend in large part on whether Qantas is perceived as villain or victim, the size and the nature of the information stolen.
Loading
In terms of size, Qantas sits at number five in Australia based on the number of affected customers, behind Canva, Latitude, Optus and Medibank.
But measured by the sensitivity of the data, it doesn’t rate as highly, given there was no medical information stolen, no passports, no driver’s licence and no credit card details.
While birth dates, addresses and frequent flyer numbers, which were pinched in the hack, have some value to thieves, they surely won’t attract premium dollar on the information black market.
And at this stage, Qantas is not suggesting it has received a ransom demand.
On the spectrum of seriousness of publicly known cyberattacks, Qantas sits somewhere in the middle.
How Qantas weathers this attack will depend in large part on whether Qantas is perceived as villain or victim, the size and the nature of the information stolen.
Qantas will also get some cover from the public’s familiarity with these incidents, thanks to the numerous consumer-facing companies that have experienced similar troubles.
Even within aviation, there has been an alert from the FBI of airlines being targeted by a group using the moniker Scattered Spider.
The perp used an AI-created voice impersonation to get access to a third-party platform used by one of the airline contact centres.
Thus, the breach came down to human error, which is difficult – or even impossible – to combat.
Former Optus chief executive Kelly Bayer Rosmarin during a Senate hearing on November 17, 2023. She resigned three days later.Credit: Alex Ellinghausen
Curiously, among the legions of customer commentary post-Qantas hack, there are almost no calls for Hudson’s head on a stick. (It is safe to say this would not have been the case if Alan Joyce was still in charge.)
During the Optus cyberattack, there was a significant backlash against the company and its chief executive for failing to continuously disclose information to customers.
For companies, providing public information is often a difficult line to walk when they have limited visibility and their investigations are evolving.
Loading
But there is an obvious theme that is emerging with each successive large-scale data theft: customer questions about why companies need to hold what they see as an excessive amount of data.
Consumers question the purpose of many companies storing information such as date of birth or driver’s licence details and accuse companies of engaging in data mining for marketing purposes rather than using it for verification requirements.
There is certainly a cohort of customer commentators who blame the outsourcing of customer call centres, which they believe makes their data more vulnerable to hackers.
Two related points about any company’s need to improve their data security came through clearly – the first was a fear that there has been underinvestment in cybersecurity (and overinvestment in executive bonuses), and that penalties should be increased or imposed on companies for data breaches.
Loading
For Qantas, there is always a risk that it will lose customers, but based on the experience of those companies that trailblazed with earlier cyberattacks, the scare is generally short-lived.
Qantas’ share price is already beginning to recover from its Wednesday dip, but it will take a bit longer for customers to follow.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
