Qantas Suffers Major Data Breach Affecting Up to 6 Million Customers
Qantas, Australia’s largest airline, has confirmed a cyberattack that compromised the personal data of up to six million customers through a third-party call center platform. The breach was detected on Monday, with threat actors gaining unauthorized access to customer service records.
The stolen data may include names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Qantas has assured customers that no financial information, credit card details, or login credentials were exposed. The airline has contained the incident, stating that its internal systems remain secure, and has set up a dedicated support line for affected individuals.
Qantas Group CEO Vanessa Hudson apologized, emphasizing the company’s commitment to customer trust and support. The breach follows a series of controversies for the airline, including pandemic-related operational issues and opposition to Qatar Airways’ expansion plans.
Authorities, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, have been notified. Independent cybersecurity experts are investigating the incident.
Potential Link to Scattered Spider
While the attackers’ identity remains unconfirmed, the tactics used align with those of the Scattered Spider ransomware group, which has recently targeted airlines and retailers in the U.S. and U.K. The FBI has warned about the group’s use of social engineering such as phishing, SIM swapping, and help desk impersonation to bypass multi-factor authentication and steal sensitive data.
Scattered Spider, also known as UNC3944, is a sophisticated cybercriminal collective believed to consist of young adults in the U.S. and U.K. The group has been linked to high-profile attacks on MGM Resorts, Caesars Entertainment, and Snowflake customers, often partnering with ransomware-as-a-service (RaaS) providers like ALPHV. Their recent focus on aviation includes breaches at Hawaiian Airlines and WestJet, where they exploited self-service password reset tools.
Rising Cyber Threats in Australia
The Qantas breach adds to a surge in cyber incidents across Australia. The Office of the Australian Information Commissioner reported a 25% year-on-year increase in data breaches, with 1,113 incidents in the last fiscal year up from 893 in 2023. The health sector was the most targeted, followed by government, finance, and retail. 69% of breaches were attributed to malicious or criminal activity, with phishing and ransomware as the primary methods.
Scattered Spider’s evolution from telecom attacks to critical infrastructure and high-profile extortion highlights the growing sophistication of cybercriminal groups. Their use of legitimate remote-access tools and cloud platforms underscores the challenges organizations face in defending against such threats.
Source: https://www.linkedin.com/pulse/qantas-hit-major-cyber-attack-exposing-data-up-dly2e
Hawaiian Airlines TPRM report: https://www.rankiteo.com/company/hawaiian-airlines
Qantas TPRM report: https://www.rankiteo.com/company/qantas
MGM Resorts TPRM report: https://www.rankiteo.com/company/mgm-resorts-international
"id": "hawqanmgm1771230438",
"linkid": "hawaiian-airlines, qantas, mgm-resorts-international",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Up to 6 million',
'industry': 'Aviation',
'location': 'Australia',
'name': 'Qantas',
'size': 'Large',
'type': 'Airline'}],
'attack_vector': 'Third-party call center platform',
'customer_advisories': 'Dedicated support line established, public apology '
'issued',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Up to 6 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate (no financial or login '
'credentials exposed)',
'type_of_data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Birth dates',
'Frequent flyer numbers']},
'date_detected': '2023-10-02',
'description': 'Qantas, Australia’s largest airline, has confirmed a '
'cyberattack that compromised the personal data of up to six '
'million customers through a third-party call center platform. '
'The breach was detected on Monday, with threat actors gaining '
'unauthorized access to customer service records. The stolen '
'data may include names, email addresses, phone numbers, birth '
'dates, and frequent flyer numbers. Qantas has assured '
'customers that no financial information, credit card details, '
'or login credentials were exposed. The airline has contained '
'the incident, stating that its internal systems remain '
'secure, and has set up a dedicated support line for affected '
'individuals.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Personal data of up to 6 million customers',
'identity_theft_risk': 'High',
'payment_information_risk': 'None',
'systems_affected': 'Third-party call center platform'},
'initial_access_broker': {'entry_point': 'Third-party call center platform'},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration, potential extortion',
'ransomware': {'data_exfiltration': 'Suspected'},
'references': [{'source': 'Qantas Public Statement'},
{'source': 'Australian Cyber Security Centre'},
{'source': 'FBI Advisory on Scattered Spider'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (Office of the '
'Australian Information '
'Commissioner)'},
'response': {'communication_strategy': 'Dedicated support line for affected '
'individuals, public apology from CEO',
'containment_measures': 'Incident contained, internal systems '
'secured',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (Australian Federal Police, '
'Office of the Australian '
'Information Commissioner, '
'Australian Cyber Security Centre)',
'third_party_assistance': 'Independent cybersecurity experts'},
'threat_actor': 'Scattered Spider (suspected)',
'title': 'Qantas Suffers Major Data Breach Affecting Up to 6 Million '
'Customers',
'type': 'Data Breach'}