If Qantas were a person, it’d be that person at the bar who spills your drink, blames the table, and then proceeds to do nothing except make lame excuses and wander off without offering to buy you a fresh one.
The airline’s latest crisis? Last week’s cyber privacy breach involving 5.7 million customers’ personal data and, for a subset of those, frequent flyer data. More than a week after the data breach, Qantas appears none the wiser as to who perpetrated it or why. If it does, it is certainly not sharing that information with those affected: its customers. Qantas now says it knows who had what data stolen and is contacting those affected. Progressively.
The realities of this monumental failure by the airline continue to be quietly downplayed by management as a “technical issue”; no mention of a cyberattack, and no evidence of malicious activity, they say. And, anyway, it was on a “third-party platform”.
“Since the incident, we have put in place a number of additional cybersecurity measures to further protect our customers’ data, and are continuing to review what happened,” Qantas said in its latest update.
But if you talk to the people who keep Qantas airborne, you’ll get a different story, one of outsourcing and a leadership team pathologically incapable of owning its failures.
“This isn’t a one-off glitch. It’s the third major IT-related debacle in as many years. And it’s yet another symptom of a company that has hollowed out its internal capacity and outsourced critical functions all to save money. The customers and staff always seem to come last,” one pilot told Crikey.
Another pilot noted that the Qantas chairman John Mullen has yet to make any comment or offer reassurance to customers: “The board seem to be sticking their heads in the sand and hoping the problem will go away.”
But it’s the now all-too-familiar outsourcing that most rankles Qantas staff. The airline’s rank and file are still fuming about the illegal outsourcing of baggage handlers, which the company fought all the way to the High Court before being found guilty several times and forced to pay hundreds of millions in compensation.
From a crisis management perspective, Qantas has once again failed the basics. There’s been no public accountability, just passive-voice statements and buried FAQs. Customers found out about the data breach via app alerts or media leaks initially — not from the airline. The message seems to be: we’ll let you know if it gets worse. Given Qantas’ track record, this may be designed to limit legal exposure, but it torches trust, something that its CEO Vanessa Hudson has been working hard to try and regain.
But actions speak louder than comforting words. As a Qantas Frequent Flyer myself, who had received an initial email notifying me that my data may well have been taken by the hackers, I once more called the outsourced (yes, really — to the UK) help number, where staff were no wiser than they had been when I called them last week.
With Crickey