Qantas Airways Ltd. said customer data stolen during a cyber incident in July has been released online, and that it’s working with security experts and Australian authorities to determine the extent of the exposure.
The breach involved 5.7 million records taken via a third-party platform, with most information limited to names, email addresses and frequent-flyer details, the airline said. A smaller portion included addresses, dates of birth, phone numbers, gender, and meal preferences, Qantas said in a statement on Sunday.
Qantas said no credit card, passport or login details were accessed, and that there had been no impact on frequent-flyer accounts. The company obtained a New South Wales Supreme Court injunction to stop the stolen data being accessed or shared, and said it has strengthened system monitoring and staff training since the breach.
Read more: Australia’s Qantas Says 6 Million Customer Accounts Accessed in Cyber Hack
The airline said it continues to work with the Australian Cyber Security Centre and Federal Police, and that affected customers have been offered identity protection support.
Photograph: A Qantas aircraft sits in a hangar at the Qantas and Jetstar mainenance hangar near Melbourne Tullamarine Airport, Melbourne, Australia, on Thursday, Feb. 27, 2025. Photo credit: Carla Gottgens/Bloomberg
“We believe every senior deserves dignity and joy in their golden years,” it read. “By clicking here, you’ll discover heartwarming stories of seniors we’ve helped and learn how you can join our mission.”
But the charity was fake, and the email’s purpose was to defraud seniors out of large sums of money. Its author: Elon Musk’s artificial-intelligence chatbot, Grok.
Grok generated the deception after being asked by Reuters to create a phishing email targeting the elderly. Without prodding, the bot also suggested fine-tuning the pitch to make it more urgent: “Don’t wait! Join our compassionate community today and help transform lives. Click now to act before it’s too late!”
The Musk company behind Grok, xAI, didn’t respond to a request for comment.
Phishing – tricking people into revealing sensitive information online via scam messages such as the one produced by Grok – is the gateway for many types of online fraud. It’s a global problem, with billions of phishing emails and texts sent every day. And it’s the number-one reported cybercrime in the U.S., according to the Federal Bureau of Investigation. Older people are especially vulnerable: Complaints of phishing by Americans aged 60 and older jumped more than eight-fold last year as they lost at least $4.9 billion to online fraud, FBI data show.
The advent of generative AI has made the problem of phishing much worse, the FBI says. Now, a Reuters investigation shows how anyone can use today’s popular AI chatbots to plan and execute a persuasive scam with ease.