Australian airline Qantas has said it is investigating a data privacy breach on its app that left customers with access to other passengers’ personal details. On May 1, 2024, some users reported seeing electronic boarding passes and flight details belonging to other passengers. This data included full names and frequent flyer information in some cases.
Qantas said it fixed the problem about three hours after it was discovered and apologized to customers. The airline issued an apology on its website for the chaos, seeking to reassure customers that the technical disruption was not a cyber security incident.
“Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes,” it said in a statement. There was “no indication of a cyber security incident”, it added. The carrier also warned anyone affected to be on the alert for any “social media scams” that may have resulted from the data breach.
One Qantas customer, Josh Withers, told the Australian ABC news channel that another passengerӰҵ name and details appeared when he opened the app on May 1.
“It said: ‘Hi Sam’ and I instantly noticed [that] Sam had a lot more Qantas points than I did,” he said.
Withers told ABC that each time he re-opened the portal a new customerӰҵ details would appear including their frequent flyer points and scheduled flights.
Meanwhile, another Qantas passenger speaking to local Australian media has said they appeared to have the ability to cancel another passengerӰҵ upcoming flight to Europe. Speaking to Nine News, technology journalist Trevor Long said that in the space of 15 minutes, he could “capture at least 8-12 different peopleӰҵ details including valid boarding passes”.
Qantas said “some” frequent flyers had been able to view the travel information of other customers, such as their name, upcoming flight details, and points balance. However, “No further personal or financial information was shared, and customers would not have been able to transfer or use the Qantas Points of other frequent flyers,” the airline added.
The airline stated that it was “not aware of any customers traveling with incorrect boarding passes”.
To resolve any outstanding issues following this glitch, the airline recommended that users log out and then log back into the app to try and fix any further issues they may be persisting.
Meanwhile, social media channels were flooded with criticisms of Qantas from customers claiming to be affected by the incident. Users on X (formerly Twitter) shared screenshots of the glitch and alleged phishing attempts. Some also appeared to show accounts posing as Qantas customer care agents asking for peopleӰҵ personal information to assist them.
