Qantas Data Breach Exposes Millions in Cyberattack

Qantas has confirmed that a cyberattack targeting a third-party platform used by its contact center may have resulted in a significant data breach involving the personal details of up to six million customers. The incident, which was first detected on July 1, 2025, involved unauthorized access to a customer servicing system, raising concerns about growing threats to airline cybersecurity.

The airline disclosed on July 2, 2025, that unusual activity was identified on the third-party system used to handle customer service records. In response, Qantas initiated immediate countermeasures to isolate and secure the affected platform. Despite successfully containing the breach, the airline acknowledged that a large volume of personal data may have been compromised.

According to Qantas, the data in question may include customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers. However, the company emphasized that the system did not store sensitive financial details such as credit card information, banking data, or passport numbers. Additionally, there has been no evidence that frequent flyer accounts, passwords, or login credentials were accessed.

The incident comes just days after the US Federal Bureau of Investigation issued a warning to airlines about potential cyber threats posed by Scattered Spider, a group known for using social engineering tactics. The FBI noted that the group often impersonates employees or contractors to bypass multi-factor authentication protocols and gain access to corporate systems, including those of third-party vendors. The warning highlighted that major corporations and their partners remain prime targets for such attacks.

In response to the breach, Qantas has alerted relevant authorities, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. The airline is also collaborating with the Federal Government’s National Cyber Security Coordinator and independent cyber experts to fully investigate the breach and enhance its security measures.

Qantas has begun contacting affected customers directly to notify them of the situation, offer support, and express regret over the incident. The airline is expected to continue this outreach as more details emerge during the ongoing investigation.

Qantas Group CEO Vanessa Hudson issued an apology, stating that the airline understands the concern and inconvenience caused by the breach. She reiterated Qantas’ commitment to data security and transparency, saying the company takes the trust of its customers seriously and is acting swiftly to minimize the impact.

As airlines continue to digitize operations and rely more on third-party platforms, incidents like this highlight the critical need for robust cyber defenses and stronger protections across the travel ecosystem.

Related News : https://airguide.info/?s=Qantas