Qantas has been hacked with millions of frequent flyers customers now facing having to change their passwords and credit cards with up to 6 million people affected, this is the same gang that has been attacking big retailers.

Customers were only made aware of the problem following media stories.

The attack is believed to be part of a co-ordinated attack on airlines globally with Qantas one of the global airlines targeted.

A group of cyberhackers known as “Scattered Spider” are believed to be behind the Qantas attack according to the FBI who warned airlines days ago to the problem.

the Australian Federal Police have also failed to warn customers despite their close relationship with the US FBI.

The cybergang which has been linked to data breaches at major retailers including Marks & Sparks in the UK in the past with the potential that retailers in Australia could be targeted according to UK observers.

Unlike the FBI the AFP or Qantas failed to issue any urgent warning following the FBI alert.

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” the agency said.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.”

At this stage it’s not known whether Qantas has been asked to pay a ransom.

According to the FBI airlines such as Qantas are being warned “Not to pay a ransom”.

Qantas says over 6 million Aussies have had their personal data taken in a cyberattack.

A visit to the Frequent Flyer web site has no warnings.

To change your Qantas Frequent Flyer password or security details, log in to your account at qantas.com and navigate to “My profile”.

There, you can update your contact information, including email and phone numbers, and manage your PIN. You can also manage two-factor authentication (2FA) settings for added security.

“The threat from Scattered Spider is ongoing and rapidly evolving,” the FBI said.

Qantas admits that the gang gained access via third-party client service platform but have not named the platform.

Of the 6 million customers’ all names, email addresses, phone numbers, birthdates and frequent flyer numbers were compromised.

The Alaskan Air owned Hawaiian Airlines who fly into Australia, were also hacked.

and WestJet were both hit by similar attacks in the past two weeks.

Other Australian brands targeted by cybercriminals, including Medibank and Optus.

“Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

Given the criminal nature of this incident, the Australian Federal Police has also been notified,” it said.

Chief executive Vanessa Hudson apologised to customers and said Qantas would provide necessary support.

“We are working closely with the federal government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cybersecurity experts.”