Qantas breach sparks AI scam alert for Australians

The recent Qantas data breach has brought renewed attention to the changing nature of cyber threats, with implications for the insurance industry and its clients.

According to Vidit Sehgal, CEO of V4 IT Services, cybercriminals are increasingly using artificial intelligence (AI) to bypass identity verification processes.

This shift allows attackers to impersonate individuals using AI-generated voice technology, enabling them to access personal accounts and redirect funds without the victim’s knowledge.

Cybercriminals adopt new tactics following Qantas data breach

Sehgal noted that the information accessed in the Qantas incident could be used to construct detailed profiles of affected individuals.

“Hackers can now call your bank, sound like you, quote your stolen personal information, and request to update your account details. They can reroute your wages, divert refunds, or redirect invoice payments, all while you have no idea it’s happening,” he said.

This trend marks a move away from traditional hacking methods toward more advanced social engineering strategies that exploit trust in established processes.

Identity fraud risks increase as criminals exploit AI tools

The use of AI in cybercrime is enabling attackers to simulate phone calls and clone voices, making it easier to manipulate customer service systems and financial institutions.

Sehgal advised Australians, especially those impacted by recent breaches, to regularly monitor their financial and personal accounts.

Recommended actions include:

• Reviewing bank and superannuation accounts weekly
• Confirming that contact and payment details remain accurate
• Checking for any unauthorised users or devices linked to accounts

“Hackers lie in wait and strike when you’re distracted. You must build the habit of checking your accounts, because once money is sent to a fake account, it’s usually unrecoverable,” Sehgal said.

Warning signs and vulnerabilities in home systems

Sehgal pointed out that many individuals may not recognise the signs of a compromised system until significant harm has occurred. Indicators include:

• Unexpected password reset requests
• Unfamiliar emails or messages sent from personal accounts
• Unexplained activation of webcams
• Unusual computer performance such as slowdowns or disabled antivirus software

He highlighted that home networks, often less secure than business environments, are increasingly targeted due to weaker defences.

Long-term risks and recommended security measures

Data stolen in breaches may be stored and sold for future exploitation, sometimes months or years after the initial incident.

Sehgal emphasised that while passwords can be changed, other personal data such as names, dates of birth, and voice samples are more difficult to secure once compromised.

To reduce exposure, Sehgal recommended several steps:

• Conducting manual reviews of all key accounts
• Enabling two-factor authentication
• Being cautious with unsolicited communications
• Ensuring all devices are protected with up-to-date security software
• Considering a professional IT health check for home systems

He also suggested only answering calls from known contacts to limit exposure to voice-based scams.

Industry reports highlight rising concern and financial consequences

Recent research from Beazley and Aon indicated a growing awareness of cyber risk among global business leaders.

Beazley’s 2025 Risk & Resilience report found that nearly one-third of executives now rank cyber risk as their primary concern, an increase from the previous year.

Aon’s 2025 Cyber Risk Report examined the financial impact of cyber incidents that result in reputational damage. It showed that companies experiencing such events saw an average 27% drop in shareholder value, with malware and ransomware attacks most likely to lead to these outcomes.