Qantas Rocked by “Significant” Cyber Incident, Millions of Customer Records Compromised
Sydney, Australia 03 July,2025’
*This article generated with assistance of Gemini AI/Formatting and Fact checking by A.Ritenis
SYDNEY, Australia – July 3, 2025 – Qantas, Australia’s national carrier, has confirmed a “significant” cybersecurity incident that has potentially exposed the personal data of up to six million customers. The breach, detected on Monday, June 30, 2025, targeted a third-party platform used by one of the airline’s contact centres, not Qantas’s core operational systems.
According to statements released by Qantas, a cybercriminal gained unauthorised access to this customer servicing platform.
While the airline was swift to contain the system, an initial review indicates that the stolen data includes customers’ names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers.
Crucially, Qantas has assured the public that credit card details, personal financial information, and passport details were not held on the compromised system and thus were not exposed. Furthermore, Frequent Flyer accounts, passwords, PINs, or login details remain secure.
Qantas Group Chief Executive Officer, Vanessa Hudson, issued a sincere apology to affected customers, acknowledging the concern and uncertainty the incident will cause. “Our customers trust us with their personal information, and we take that responsibility seriously,” Ms. Hudson stated. “We are contacting our customers today, and our focus is on providing them with the necessary support.”
The airline has moved to implement additional security measures to further restrict access and bolster system monitoring and detection.
Qantas is collaborating closely with the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, who have been notified due to the criminal nature of the incident. Independent cybersecurity experts are also assisting in the ongoing investigation.
While Qantas has not officially named the perpetrators, cybersecurity analysts, including Tony Jarvis, Darktrace Field CISO and VP APJ, have noted that the incident bears hallmarks of the “Scattered Spider” ransomware group. This group, known for its social engineering tactics and targeting of the aviation sector, has been linked to recent attacks on Hawaiian Airlines and WestJet. Scattered Spider is believed to exploit human vulnerabilities through methods like phishing, Multi-Factor Authentication (MFA) bombing, and SIM swapping.
The incident has reignited discussions surrounding third-party risk management and the broader cybersecurity landscape in Australia. Experts have offered mixed reviews on Qantas’s initial communication strategy, with some praising the proactive disclosure while others call for more detailed and frequent updates for affected customers.
Qantas has established a dedicated customer support line (1800 971 541 or +61 2 8028 0534 from overseas) and a dedicated webpage on qantas.com to provide the latest information and specialist identity protection advice. Customers with upcoming travel have been advised that there is no impact on Qantas operations or the safety of flights.
As the investigation continues, the full extent of the data compromised and the long-term impact on Qantas’s brand and customer trust remain to be seen. This incident serves as a stark reminder of the persistent and evolving threat of cyberattacks faced by organisations globally.
