Qantas Airways, Australia’s flagship carrier, experienced a significant cybersecurity breach affecting up to 6 million customers. Cybercriminals gained unauthorized access to a third-party customer service platform used by the airline’s contact centre operations. The compromised data includes names, emails, phone numbers, birth dates, and frequent flyer numbers, but no financial data. The airline has contained the system, notified authorities, and implemented additional security measures. A dedicated support hotline has been established, and flight operations remain unaffected.
Source: https://cybersecuritynews.com/qantas-airlines-cyberattack/
TPRM report: https://scoringcyber.rankiteo.com/company/qantas
"id": "qan612070225",
"linkid": "qantas",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6 million',
'industry': 'Aviation',
'location': 'Australia',
'name': 'Qantas Airways',
'type': 'Airline'}],
'attack_vector': 'Third-party customer service platform',
'data_breach': {'data_exfiltration': 'Possible',
'number_of_records_exposed': '6 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Birth dates',
'Frequent flyer numbers']},
'date_detected': 'Monday',
'description': 'A significant cybersecurity breach affecting up to 6 million '
'customers, with cybercriminals gaining unauthorized access to '
'a third-party customer service platform used by the airline’s '
'contact centre operations.',
'impact': {'data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Birth dates',
'Frequent flyer numbers'],
'systems_affected': 'Third-party customer service platform'},
'initial_access_broker': {'entry_point': 'Third-party customer service '
'platform'},
'investigation_status': 'Ongoing',
'motivation': 'Data Theft',
'regulatory_compliance': {'regulations_violated': 'Potential Privacy Act '
'violations',
'regulatory_notifications': 'Australian Cyber '
'Security Centre '
'(ACSC), Office of the '
'Australian Information '
'Commissioner (OAIC), '
'Australian Federal '
'Police (AFP)'},
'response': {'communication_strategy': 'Dedicated support hotline established',
'containment_measures': 'System contained, additional security '
'measures implemented',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Yes'},
'threat_actor': 'Cybercriminals',
'title': 'Qantas Airways Cybersecurity Breach',
'type': 'Data Breach'}