Qantas

Australian airline Qantas suffered a cyber incident where hackers breached a contact center containing 6 million customer records. The data stolen includes customer names, emails, phone numbers, frequent flyer numbers, and birth dates. The airline confirmed that financial information and passport details were not compromised. The attack, which appears to be contained, has raised concerns in the airline industry about cyberattacks.

Source: https://therecord.media/qantas-airline-data-breach

TPRM report: https://scoringcyber.rankiteo.com/company/qantas

"id": "qan609070225",
"linkid": "qantas",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '6 million',
                        'industry': 'Aviation',
                        'location': 'Australia',
                        'name': 'Qantas',
                        'type': 'Airline'}],
 'attack_vector': 'Phishing',
 'customer_advisories': ['Email notifications', 'Support line for customers'],
 'data_breach': {'number_of_records_exposed': 'Significant portion of 6 '
                                              'million',
                 'personally_identifiable_information': ['Customer names',
                                                         'Emails',
                                                         'Phone numbers',
                                                         'Frequent flyer '
                                                         'numbers',
                                                         'Birth dates'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information']},
 'date_detected': '2024-07-15',
 'date_publicly_disclosed': '2024-07-17',
 'description': 'Qantas warned customers that a cyber incident exposed '
                'customer data, including names, emails, phone numbers, '
                'frequent flyer numbers, and birth dates.',
 'impact': {'data_compromised': ['Customer names',
                                 'Emails',
                                 'Phone numbers',
                                 'Frequent flyer numbers',
                                 'Birth dates'],
            'systems_affected': ['Third-party customer servicing platform']},
 'initial_access_broker': {'entry_point': 'Third-party customer servicing '
                                          'platform'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data Theft',
 'references': [{'source': 'FBI'},
                {'source': 'Mandiant'},
                {'source': 'Palo Alto Networks'}],
 'regulatory_compliance': {'regulatory_notifications': ['Australian Cyber '
                                                        'Security Centre',
                                                        'Australian Federal '
                                                        'Police',
                                                        'Office of the '
                                                        'Australian '
                                                        'Information '
                                                        'Commissioner']},
 'response': {'communication_strategy': ['Email notifications',
                                         'Support line for customers'],
              'law_enforcement_notified': ['Australian Cyber Security Centre',
                                           'Australian Federal Police',
                                           'Office of the Australian '
                                           'Information Commissioner']},
 'threat_actor': 'Scattered Spider',
 'title': 'Qantas Data Breach',
 'type': 'Data Breach'}