Qantas Hit by Large-Scale Cyberattack Impacting Millions of Customer Profiles
A serious cybersecurity incident has affected the Australian airline Qantas, compromising the personal information of up to six million individuals. The breach, which targeted a third-party platform used by Qantas’ customer service centre, was detected on June 30 during a routine systems check.
Scope of the Breach Still Unfolding
Qantas reported that the unauthorized access included names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. The company emphasized that no passwords, PINs, or financial details like credit card numbers were part of the compromised data. Passport information was also not stored in the affected platform.
While the total scope of the breach remains under investigation, Qantas acknowledged that the number of impacted customer records could be substantial.
Swift Response and Containment Measures
According to a public statement, Qantas immediately isolated the affected system and launched a full investigation in collaboration with cybersecurity experts. The company also notified federal authorities, including the Australian Federal Police, the Office of the Australian Information Commissioner (OAIC), and the Australian Cyber Security Centre.
Vanessa Hudson, CEO of Qantas Group, issued an apology, expressing regret over the incident and assuring customers that airline operations remain unaffected. A dedicated support line has been established to address customer concerns.
Airline Sector Faces Persistent Threats
The incident is part of a growing wave of cyberattacks targeting the global airline industry. Earlier warnings from international law enforcement agencies identified a group called Scattered Spider as actively targeting aviation systems.
In recent weeks, carriers such as Hawaiian Airlines and WestJet have also reported similar breaches. These coordinated cyberattacks have raised alarms about systemic vulnerabilities in third-party systems used across the aviation sector.
A Wake-Up Call for Australian Cybersecurity
This breach adds to a troubling trend in Australia, which has seen a record number of data leaks in recent years. In March, the OAIC reported that 2024 marked the highest volume of data breaches since reporting began in 2018. Previous high-profile incidents involved organizations like AustralianSuper and Nine Media.
Australian Privacy Commissioner Carly Kind commented that the frequency and sophistication of attacks by malicious actors is escalating. She called on both public institutions and private companies to enhance their data protection protocols.
“Cyber threats are not going away. The need for proactive investment in cybersecurity has never been more urgent,” Kind said.
Looking Ahead
As Qantas continues its forensic analysis, it has pledged to update affected customers and enhance system safeguards. The breach underlines the necessity for robust cyber risk management, particularly for companies handling vast amounts of personal data.
Organizations are being reminded that even indirect breaches through third-party systems can result in significant reputational and legal consequences.
