Australian airline Qantas confirmed that **customer data stolen via a third-party platform** was published online following a **July cyberattack**. The breach involved **five million records**, including personal customer information, though the full scope remains under investigation. Qantas secured a court injunction to block further dissemination of the stolen data and implemented additional security measures, such as enhanced monitoring, team training, and identity protection services for affected customers. The company is collaborating with Australian cybersecurity agencies (e.g., **Australian Cyber Security Centre, Australian Federal Police**) to mitigate risks. Experts warn of escalating threats to the aviation sector, highlighting **supply chain vulnerabilities** and **AI-driven social engineering** as key attack vectors. Qantas refused ransom demands, aligning with global guidance against funding cybercriminal operations. The incident underscores the sector’s exposure to **data exfiltration via third-party compromises**, with potential long-term consequences for victims, including phishing and identity fraud risks.
TPRM report: https://www.rankiteo.com/company/qantas
"id": "qan0393003101325",
"linkid": "qantas",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customer data leaks"
{'affected_entities': [{'customers_affected': '5,000,000 (records exposed)',
'industry': 'Aviation',
'location': 'Australia',
'name': 'Qantas',
'size': 'Large (millions of customers)',
'type': 'Airline'}],
'attack_vector': ['Third-Party Exploitation',
'Social Engineering (Potential)',
'Supply Chain Attack'],
'customer_advisories': ['July notifications to impacted customers about '
'exposed PII types',
'Ongoing access to identity protection services'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '5,000,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes customer PII, risk of '
'identity theft)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2024-07-00',
'date_publicly_disclosed': '2024-07-00',
'description': 'Australian airline Qantas confirmed that customer data stolen '
'via a third-party platform was published online following a '
'major cyberattack in early July. The breach affected '
'approximately 5 million records, though Qantas has millions '
'of customers, suggesting the incident may have been limited '
'to a compromised third-party or isolated system. The company '
'obtained a court injunction to prevent further dissemination '
'of the stolen data and implemented additional security '
'measures, including enhanced monitoring, team training, and '
'identity protection services for affected customers. Qantas '
'refused to pay any ransom demand, aligning with global '
'guidance against rewarding cybercriminals. Experts warn of '
'rising threats to the aviation sector, particularly from '
'social engineering and supply chain attacks, and emphasize '
'the need for Zero Trust principles, workforce education, and '
'robust incident response planning.',
'impact': {'brand_reputation_impact': 'Moderate to High (Potential long-term '
'distrust, especially during peak '
'travel season)',
'data_compromised': True,
'identity_theft_risk': 'High (5 million records exposed, including '
'PII; risk amplified by GenAI-powered '
'phishing/social engineering)',
'legal_liabilities': ['Ongoing NSW Supreme Court injunction to '
'block data dissemination'],
'systems_affected': ['Third-Party Platform']},
'initial_access_broker': {'entry_point': 'Third-party platform or isolated '
'Qantas vendor/subsidiary system',
'high_value_targets': ['Customer PII data']},
'investigation_status': 'Ongoing (with specialist cybersecurity experts and '
'government agencies)',
'lessons_learned': ['Third-party integrations are critical attack vectors; '
'least-privilege access and continuous monitoring are '
'essential.',
'Refusing ransom payments aligns with global guidance and '
'disrupts cybercriminal incentives.',
'Zero Trust principles and phish-resistant MFA can '
'mitigate social engineering risks.',
'Supply chain attacks require rigorous vendor security '
'assessments and segmentation.',
'Offline backups and rehearsed incident response plans '
'are vital for ransomware resilience.'],
'motivation': ['Data Theft', 'Extortion (Attempted)', 'Financial Gain'],
'post_incident_analysis': {'corrective_actions': ['Implemented additional '
'security measures and '
'enhanced monitoring',
'Increased cybersecurity '
'training for teams',
'Strengthened system '
'detection capabilities',
'Established legal '
'injunction to block data '
'dissemination',
'Partnered with government '
'agencies (ACSC, AFP) for '
'ongoing support'],
'root_causes': ['Compromised third-party platform '
'or vendor system',
'Potential lack of least-privilege '
'access controls for external '
'integrations',
'Possible gaps in continuous '
'monitoring of third-party '
'connections']},
'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
'recommendations': ['Adopt Zero Trust architecture to limit lateral movement '
'in breaches.',
'Implement phish-resistant multi-factor authentication '
'(MFA) and identity verification.',
'Conduct regular security reviews of third-party vendors '
'and supply chain partners.',
'Enhance workforce education on social engineering '
'tactics (e.g., AI deepfakes).',
'Maintain offline, immutable backups to ensure recovery '
'without ransom payments.',
'Establish standing board-level discussions on '
'cybersecurity investments and response readiness.',
'Collaborate with government agencies (e.g., ACSC, AFP) '
'for threat intelligence sharing.'],
'references': [{'source': 'Qantas Official Statement',
'url': 'https://www.qantas.com'},
{'source': 'ImmuniWeb (Dr. Ilia Kolochenko)'},
{'source': 'CyberSmart (Jamie Akhtar)'},
{'source': 'Abnormal AI (Richard Orange)'},
{'source': 'Entrust (Jordan Avnaim)'},
{'source': 'FBI Warning on Scattered Spider'}],
'regulatory_compliance': {'legal_actions': ['NSW Supreme Court injunction'],
'regulatory_notifications': ['Australian Cyber '
'Security Centre '
'(ACSC)',
'Australian Federal '
'Police (AFP)']},
'response': {'communication_strategy': ['Public statements',
'Updates on qantas.com',
'Direct customer notifications '
'(July)'],
'containment_measures': ['NSW Supreme Court injunction to block '
'data access/publication'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['24/7 customer support line',
'Specialist identity protection services '
'for affected customers'],
'remediation_measures': ['Additional security measures',
'Increased team training',
'Strengthened system monitoring and '
'detection'],
'third_party_assistance': ['Specialist cybersecurity experts']},
'stakeholder_advisories': ['Updates provided via qantas.com and 24/7 support '
'line'],
'title': 'Qantas Customer Data Breach via Third-Party Platform',
'type': ['Data Breach', 'Third-Party Compromise']}