Hundreds of Qantas customers have had their frequent-flyer points stolen by two third-party contractors in India.
The national carrier also confirmed to the Daily Telegraph that some customers’ passport details may have been accessed in the cyber theft involving staff from an Indian ground-handling company.
In a statement to Daily Mail Australia, a Qantas spokesman apologised to the 800 customers who had been caught up in the fraudulent activity, which has affected several other airlines.
‘This was not a cyber hack or data theft, but a case of two rogue employees of one of our suppliers abusing their position to fraudulently steal frequent-flyer points,’ he said.
‘The activity was stopped back in August with affected bookings remedied and points provided back to our members.
‘We are not aware of any current bookings being impacted. The police investigation in India is ongoing.’
The two contractors worked for India SATS, a joint venture between India’s main airline and SATS, Singapore’s biggest ground handling company.
They have been suspended by their employer for inappropriate conduct, which involved accessing and making unauthorised changes to customer bookings.
Qantas has apologised to customers for the theft of frequent-flyer points by Indian contractors
India SATS is used by Qantas as its ground handler in India, meaning its staff would have access to the airline’s flight bookings.
Qantas said the changes were made using other airlines’ booking systems and that it had worked with these partner airlines to tighten any system vulnerabilities.
It said these vulnerabilities were never present in Qantas’ ‘Manage Your Booking’ or Qantas frequent-flyer systems.
Its spokesman said that to ensure this type of access to customers’ account details did not occur again, partner airlines have restricted the ways frequent-flyer details can be changed.
For Qantas, this now means calling the contact centre and verifying your identity.
The spokesperson said there has been no further unauthorised activity since the initial breach.
‘As soon as we became aware of this, we worked closely with our airline partners to secure their systems to prevent this issue from happening again,’ the spokesperson said.
‘Customers have received the full amount of points and status credits they were entitled to for their travel.’
The IT scandal came to light in The Australian after one Qantas customer in Sydney complained that her account had been hacked and the airline had failed to take responsibility for the breach.
Qantas says that frequent-flyer customers have had their points returned after the breach
Since then, other Qantas customers have claimed the same thing happened to them.
None have received any information from the airline, according to The Australian.
The customers who had their names and frequent-flyer numbers stolen were reportedly not flying to India and had booked directly with the airline flying on Qantas flights.
There is speculation the IT breach may involve other carriers within the 15 airline Oneworld alliance.
The latest blow for Qantas comes amid reports that ex-CEO Alan Joyce is arming himself with high-powered PR operatives ahead of the release of forthcoming book The Chairman’s Lounge: The Inside Story of How Qantas Sold Us Out.
Joyce reportedly received $3.4 million in his final three months at Qantas, $14.9 million in his last full year and some $125 million over his tenure.
***
Read more at DailyMail.co.uk