Qantas Airways said a cyberattack compromised the personal details of around six million customers, marking one of Australia's most significant data breaches in recent years.
The airline has disclosed that a hacker accessed personal data via a third-party customer service platform, in what the airline described as a major cyber security breach.
The compromised information includes names, contact details, birth dates and frequent flyer numbers, though Qantas said passwords, PINs and login credentials were not affected. There was no impact on flight safety or operations, the airline said.
The breach was detected after unusual activity was noticed on a call centre platform operated by an external vendor. Qantas has not identified the vendor or the specific group responsible but confirmed the incident is under investigation.
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” Qantas said in a statement.
The airline reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. The ACSC declined to comment, while the AFP said only that it was aware of the incident.
The U.S. Federal Bureau of Investigation recently warned that a cybercrime group known as Scattered Spider has been targeting airlines. Although Qantas has not attributed the attack to any specific group, cybersecurity experts said the incident shared hallmarks of similar breaches.
Charles Carmakal, chief technology officer at Mandiant, a cybersecurity firm owned by Alphabet, said it was too early to confirm if Scattered Spider was responsible. However, he warned that airlines globally should be on “high alert” for social engineering attacks.
Mark Thomas, Australian director at cybersecurity company Arctic Wolf, said the apparent scale and coordination of recent airline breaches is “particularly alarming.”
Qantas shares were down 2.4% in afternoon trading, underperforming the broader market, which was up 0.8%.
The breach comes at a sensitive time for the airline, which is attempting to rebuild trust following reputational damage during and after the COVID-19 pandemic. The carrier previously faced public backlash over mass layoffs, cancelled ticket sales, and controversy surrounding its influence on government aviation policy.
Chief Executive Vanessa Hudson, who took office in 2023, said the airline was taking the incident seriously.
“We recognise the uncertainty this will cause,” she said. “Our customers trust us with their personal information and we take that responsibility seriously.”
The incident is among the most high-profile cyber breaches in Australia since attacks on telecommunications giant Optus and insurer Medibank in 2022. Those cases led to tougher cyber resilience laws, including mandatory compliance and incident reporting.
The U.S. military is redirecting at least three Iranian-flagged tankers after intercepting them in Asian w...
The European Union adopted its 20th package of sanctions against Russia on Thursday (23 April), introducing sweeping new restrictions aimed at weak...
European Union leaders were set to discuss the bloc’s mutual assistance clause at a summit in southern Cyprus on Thursday, as U.S. President ...
Warner Bros. Discovery shareholders have approved Paramount Skydance’s proposed takeover of the media group, advancing a deal valued at rough...
International cyber agencies on Thursday (23 April) urged organisations to strengthen defences against covert networks used by China-linked hackers...
The U.S. military is redirecting at least three Iranian-flagged tankers after intercepting them in Asian waters near India, Malaysia and Sri Lanka, shipping and security sources said on Wednesday. Meanwhile, Tehran said U.S. breaches, blockades and threats are undermining “genuine negotiations.”
We are not witnessing another cyclical downturn or a temporary geopolitical disturbance. What we are living through is far more profound: a systemic recalibration of the global order. Three long-standing assumptions have quietly collapsed.
The European Union adopted its 20th package of sanctions against Russia on Thursday (23 April), introducing sweeping new restrictions aimed at weakening Moscow’s war economy and limiting its capacity to sustain the war in Ukraine.
Warner Bros. Discovery shareholders have approved Paramount Skydance’s proposed takeover of the media group, advancing a deal valued at roughly $110 billion including debt in a move that could reshape Hollywood and the global entertainment industry.
Iran’s Revolutionary Guards targeted three vessels, seizing two of them for alleged maritime violations and transferring them to Iranian shores, as U.S. President Donald Trump said Washington is extending its ceasefire with Iran until Tehran submits a proposal.
Two local trains collided head-on north of Copenhagen on Thursday (23 April), injuring 17 people, five of them critically, according to emergency services.
The U.S. military has intercepted at least three Iranian-flagged tankers in Asian waters and is redirecting them away from their positions near India, Malaysia and Sri Lanka, shipping and security sources said on Wednesday, exclusively to Reuters.
The U.S. military is redirecting at least three Iranian-flagged tankers after intercepting them in Asian waters near India, Malaysia and Sri Lanka, shipping and security sources said on Wednesday. Meanwhile, Tehran said U.S. breaches, blockades and threats are undermining “genuine negotiations.”
The European Union is preparing its 20th round of sanctions against Russia over the war in Ukraine. The measures are close to being approved, after earlier delays linked to energy concerns in Slovakia and Hungary eased following repairs to the Druzhba oil pipeline.
The European Union adopted its 20th package of sanctions against Russia on Thursday (23 April), introducing sweeping new restrictions aimed at weakening Moscow’s war economy and limiting its capacity to sustain the war in Ukraine.
European Union leaders were set to discuss the bloc’s mutual assistance clause at a summit in southern Cyprus on Thursday, as U.S. President Donald Trump’s criticism of traditional allies raises concerns over his commitment to NATO.
International cyber agencies on Thursday (23 April) urged organisations to strengthen defences against covert networks used by China-linked hackers to conceal malicious activity, Britain’s National Cyber Security Centre (NCSC) said.
SoutSouth Korea’s national data protection agency said on Thursday it had imposed a significant fine on matchmaking service Duo following a cybersecurity failure that led to the leak of highly sensitive personal information.
China has released a military propaganda video hinting at a possible fourth aircraft carrier - its first to be nuclear-powered.
You can download the AnewZ application from Play Store and the App Store.
What is your opinion on this topic?
Leave the first comment