Qantas Airways said a cyberattack compromised the personal details of around six million customers, marking one of Australia's most significant data breaches in recent years.
The airline has disclosed that a hacker accessed personal data via a third-party customer service platform, in what the airline described as a major cyber security breach.
The compromised information includes names, contact details, birth dates and frequent flyer numbers, though Qantas said passwords, PINs and login credentials were not affected. There was no impact on flight safety or operations, the airline said.
The breach was detected after unusual activity was noticed on a call centre platform operated by an external vendor. Qantas has not identified the vendor or the specific group responsible but confirmed the incident is under investigation.
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” Qantas said in a statement.
The airline reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. The ACSC declined to comment, while the AFP said only that it was aware of the incident.
The U.S. Federal Bureau of Investigation recently warned that a cybercrime group known as Scattered Spider has been targeting airlines. Although Qantas has not attributed the attack to any specific group, cybersecurity experts said the incident shared hallmarks of similar breaches.
Charles Carmakal, chief technology officer at Mandiant, a cybersecurity firm owned by Alphabet, said it was too early to confirm if Scattered Spider was responsible. However, he warned that airlines globally should be on “high alert” for social engineering attacks.
Mark Thomas, Australian director at cybersecurity company Arctic Wolf, said the apparent scale and coordination of recent airline breaches is “particularly alarming.”
Qantas shares were down 2.4% in afternoon trading, underperforming the broader market, which was up 0.8%.
The breach comes at a sensitive time for the airline, which is attempting to rebuild trust following reputational damage during and after the COVID-19 pandemic. The carrier previously faced public backlash over mass layoffs, cancelled ticket sales, and controversy surrounding its influence on government aviation policy.
Chief Executive Vanessa Hudson, who took office in 2023, said the airline was taking the incident seriously.
“We recognise the uncertainty this will cause,” she said. “Our customers trust us with their personal information and we take that responsibility seriously.”
The incident is among the most high-profile cyber breaches in Australia since attacks on telecommunications giant Optus and insurer Medibank in 2022. Those cases led to tougher cyber resilience laws, including mandatory compliance and incident reporting.
Kazakhstan and Hungary have announced plans to construct an intermodal terminal in Budapest, due for completion by 2026....
Microsoft has stopped providing certain services to a unit within the Israeli Ministry of Defence following reports that the military was using the co...
U.S. President Donald Trump said on Thursday he could lift sanctions against Türkiye’s defence industry “very soon,” depending on the outcome o...
Türkiye and the U.S. signed a memorandum of understanding on Thursday aimed at strengthening cooperation in nuclear energy, Turkish Energy and Natura...
Kazakhstan and Hungary have announced plans to construct an intermodal terminal in Budapest, due for completion by 2026.
U.S. envoy to Türkiye has confirmed that Turkish Airlines’ Boeing aircraft deal is finalized, marking a significant step in expanding the carrier’s fleet.
Microsoft has stopped providing certain services to a unit within the Israeli Ministry of Defence following reports that the military was using the company’s cloud technology for mass surveillance of Palestinians.
U.S. President Donald Trump said on Thursday he could lift sanctions against Türkiye’s defence industry “very soon,” depending on the outcome of his Oval Office meeting with Turkish President Tayyip Erdoğan.
AnewZ has learned that India has once again blocked Azerbaijan’s application for full membership in the Shanghai Cooperation Organisation, while Pakistan’s recent decision to consider diplomatic relations with Armenia has been coordinated with Baku as part of Azerbaijan’s peace agenda.
A day of mourning has been declared in Portugal to pay respect to victims who lost their lives in the Lisbon Funicular crash which happened on Wednesday evening.
A Polish Air Force pilot was killed on Thursday when an F-16 fighter jet crashed during a training flight ahead of the 2025 Radom International Air Show.
Video from the USGS (United States Geological Survey) showed on Friday (19 September) the Kilauea volcano in Hawaii erupting and spewing lava.
At least eight people have died and more than 90 others were injured following a catastrophic gas tanker explosion on a major highway in Mexico City’s Iztapalapa district on Wednesday, authorities confirmed.
Kazakhstan and Hungary have announced plans to construct an intermodal terminal in Budapest, due for completion by 2026.
U.S. envoy to Türkiye has confirmed that Turkish Airlines’ Boeing aircraft deal is finalized, marking a significant step in expanding the carrier’s fleet.
Microsoft has stopped providing certain services to a unit within the Israeli Ministry of Defence following reports that the military was using the company’s cloud technology for mass surveillance of Palestinians.
You can download the AnewZ application from Play Store and the App Store.
What is your opinion on this topic?
Leave the first comment