Qantas Airways has confirmed a significant cyberattack affecting a third-party customer service platform used by one of its contact centers, resulting in the exposure of personal data for up to six million customers. The compromised data includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Importantly, no credit card, financial, or passport information was stored on the affected system, and frequent flyer account credentials (passwords, PINs, logins) were not accessed.
The breach was detected on June 30, 2025, and Qantas responded by immediately containing the compromised system. The airline has assured the public that all core operations and safety protocols remain unaffected.
Connection to Scattered Spider
This incident comes amid a wave of cyberattacks on the aviation sector attributed to the hacker collective known as Scattered Spider. The group relies on sophisticated social engineering tactics, such as impersonating IT staff to trick employees into revealing passwords or multi-factor authentication codes, which it then uses to gain access to internal systems. Recent breaches at WestJet and Hawaiian Airlines have been linked to Scattered Spider, and the FBI has warned that the group is actively targeting airlines.
While cybersecurity analysts have linked the Qantas breach to Scattered Spider, Qantas itself has not officially confirmed the group’s involvement, and Google’s Mandiant security division has stated it is “too early to tell” if Scattered Spider was responsible in this case.
Qantas’ Response
Qantas has taken several steps following the incident:
• Immediate containment of the affected third-party system.
• Notification of relevant authorities: the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police.
• Enhanced security protocols, including additional restrictions on system access and strengthened monitoring.
• Customer support, with a dedicated support line for identity protection advice and resources.
Qantas has also advised affected customers to remain vigilant for phishing attempts and to enable multi-factor authentication where possible. The airline has pledged to keep customers updated as the investigation progresses.