Qantas Airways said a cyberattack compromised the personal details of around six million customers, marking one of Australia's most significant data breaches in recent years.
The airline has disclosed that a hacker accessed personal data via a third-party customer service platform, in what the airline described as a major cyber security breach.
The compromised information includes names, contact details, birth dates and frequent flyer numbers, though Qantas said passwords, PINs and login credentials were not affected. There was no impact on flight safety or operations, the airline said.
The breach was detected after unusual activity was noticed on a call centre platform operated by an external vendor. Qantas has not identified the vendor or the specific group responsible but confirmed the incident is under investigation.
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” Qantas said in a statement.
The airline reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. The ACSC declined to comment, while the AFP said only that it was aware of the incident.
The U.S. Federal Bureau of Investigation recently warned that a cybercrime group known as Scattered Spider has been targeting airlines. Although Qantas has not attributed the attack to any specific group, cybersecurity experts said the incident shared hallmarks of similar breaches.
Charles Carmakal, chief technology officer at Mandiant, a cybersecurity firm owned by Alphabet, said it was too early to confirm if Scattered Spider was responsible. However, he warned that airlines globally should be on “high alert” for social engineering attacks.
Mark Thomas, Australian director at cybersecurity company Arctic Wolf, said the apparent scale and coordination of recent airline breaches is “particularly alarming.”
Qantas shares were down 2.4% in afternoon trading, underperforming the broader market, which was up 0.8%.
The breach comes at a sensitive time for the airline, which is attempting to rebuild trust following reputational damage during and after the COVID-19 pandemic. The carrier previously faced public backlash over mass layoffs, cancelled ticket sales, and controversy surrounding its influence on government aviation policy.
Chief Executive Vanessa Hudson, who took office in 2023, said the airline was taking the incident seriously.
“We recognise the uncertainty this will cause,” she said. “Our customers trust us with their personal information and we take that responsibility seriously.”
The incident is among the most high-profile cyber breaches in Australia since attacks on telecommunications giant Optus and insurer Medibank in 2022. Those cases led to tougher cyber resilience laws, including mandatory compliance and incident reporting.
U.S. President Donald Trump said that Iran had agreed to nuclear inspections into "infinity, despite Tehran's denials, and that unfrozen Iranian asset...
Bangladesh has called for increased climate financing and faster delivery of support to vulnerable nations, arguing that current global funding commit...
Apple is facing a £3 billion lawsuit in the United Kingdom after a competition tribunal approved a major collective action over its iCloud storage se...
Iran has strengthened ties with regional partners and agreed a roadmap for technical talks with the U.S. aimed at securing a final peace agreement wit...
Belgium has issued 24-hour visas to a Taliban delegation attending European Union migration talks in Brussels, as EU member states explore ways to ret...
U.S. President Donald Trump said that Iran had agreed to nuclear inspections into "infinity, despite Tehran's denials, and that unfrozen Iranian assets would be used to buy humanitarian supplies from the United States.
Bangladesh has called for increased climate financing and faster delivery of support to vulnerable nations, arguing that current global funding commitments fall far short of what developing countries need to tackle the growing impacts of climate change.
Apple is facing a £3 billion lawsuit in the United Kingdom after a competition tribunal approved a major collective action over its iCloud storage service.
Iran has strengthened ties with regional partners and agreed a roadmap for technical talks with the U.S. aimed at securing a final peace agreement within two months.
At least thirteen people have died and sixty-six have been injured following an explosion at Qatar's main liquefied natural gas (LNG) processing hub at Ras Laffan, authorities said on Sunday.
Tehran has agreed to let the International Atomic Energy Agency (IAEA) recommence inspections of its nuclear programme, U.S. Vice President JD Vance has said. The U.S. and Iran have settled on a 60-day roadmap aimed at reaching a final deal, according to mediators Qatar and Pakistan.
Armenia and Azerbaijan have agreed on a landmark internet deal that will allow traffic to pass through Azerbaijani networks.It's the latest deal to highlight the ongoing peace process between the two countries.
A Ukrainian strike has damaged a school building in a Russian-controlled area of Ukraine’s Zaporizhzhia region, according to local authorities cited by the TASS news agency. No injuries were reported in the incident.
Three students have been killed and at least seven injured after two of their peers opened fire in a high school in the Philippines, police said. A spokesperson for the police said the two suspects, aged 14 and 15, had been arrested and a police pistol confiscated. Bullying is a possible motive.
Bangladesh has called for increased climate financing and faster delivery of support to vulnerable nations, arguing that current global funding commitments fall far short of what developing countries need to tackle the growing impacts of climate change.
Apple is facing a £3 billion lawsuit in the United Kingdom after a competition tribunal approved a major collective action over its iCloud storage service.
Amnesty International has accused the European Union of being complicit in human rights abuses after authorities in eastern and western Libya intensified a crackdown on migrants and refugees through mass arrests, detentions and expulsions.
Belgium has issued 24-hour visas to a Taliban delegation attending European Union migration talks in Brussels, as EU member states explore ways to return some Afghans convicted of serious crimes or considered security threats.
Peter Murrell, the former chief executive of Scotland's governing Scottish National Party (SNP), has been jailed for five years and three months after admitting to embezzling more than £400,000 from the party over a 13-year period
You can download the AnewZ application from Play Store and the App Store.
What is your opinion on this topic?
Leave the first comment