Qantas customers caught in global fraud from 'rogue' third-party employees

Customers at multiple global airlines, including hundreds of Qantas customers, had frequent flyer points accessed or redirected from their accounts over several weeks in July.

Qantas issued an apology over the fraudulent activity, which allegedly came from “rogue” third-party contractors working for an airport in India.

It is understood that two contractors have been suspended from their jobs, and Indian police have opened an investigation into the incident.

The two men are accused of having accessed customer bookings and making unauthorised changes, in an attempt to redirect frequent flyer points to an account they controlled.

Multiple airlines around the world were reportedly caught in the breach.

The booking information that was accessed by the suspected fraudsters included passport numbers.

A Qantas spokesperson issued an apology to its customers.

“We apologise to our customers who have been caught up in this fraudulent activity, which has impacted a number of airlines,” they said.

 “As soon as we became aware of this, we worked closely with our airline partners to secure their systems to prevent this issue from happening again.

 “Customers have received the full amount of points and status credits they were entitled to for their travel.”

Qantas stressed the attack was not related to cybersecurity.

“This was not a cyber hack or data theft, but a case of two rogue employees of one of our suppliers abusing their position to fraudulently steal frequent flyer points,” the airline said.

Qantas said the activity stopped in August, with all frequent flyer points returned to customers.

No current Qantas bookings are thought to be impacted.

It is understood the changes to customer bookings were made using other airline’s booking systems, with affected airlines since restricting the way changes can be made to frequent flyer details.

The police investigation in India is ongoing.