Qantas customers’ personal data has been compromised after a data breach revealed the names, seat numbers and frequent flyer numbers of eight passengers to another passenger looking at the Qantas check-in app on Thursday. The app, which was used to check in for a flight between Newman, Western Australia, and Perth, showed the length of the flight and that a snack or brunch would be available, but the Qantas passenger was shocked to be able to see details for other passengers.
Qantas does not believe the incident should be considered a data breach, as the incident occurred when a group booking was made by one of the major mining companies. Usually workers with flights booked by the mining companies don’t see details belonging to other passengers. A Qantas spokesperson said the airline took security matters seriously.
It is not the first time Qantas customer details have been shared with others. In January, an email sent to customers flying out of Melbourne warned of traffic delays on the Tullamarine Freeway included surnames and booking references of other passengers.
It is unclear how many customers saw other passengers’ data, or how many people were booked on group bookings with such data available.
Other major Australian companies have had issues with customer data breaches. In 2012, major bank NAB mistakenly sent details of 60,000 customers to the owner of nab.com (who also owns a series of adult websites) — the bank uses nab.com.au. The data breach was only revealed this year. The Privacy Commissioner is also investigating the sale of personal details of Australian customers of Optus, Telstra and Vodafone.
Last month the government passed laws that make it mandatory for government agencies and businesses with turnover of more than $3 million to notify individuals affected by data breaches that could cause serious harm. The Notifiable Data Breach system will come into effect in February next year, and it includes breaches as a result of hacking as well as mistaken releases of information.
Qantas appointed its first chief information security officer, Darren Argyle, last month.