Qantas Airways has confirmed a cyber incident involving unauthorized access to a third-party customer servicing platform used in one of its contact centers, resulting in the exposure of sensitive customer information.
While the airline’s core systems remain unaffected, the breach could potentially impact millions of customers.
The breach was discovered on Monday, June 30, when Qantas detected suspicious activity on a third-party platform linked to its call center operations. The company promptly isolated the affected system, containing the intrusion. An internal investigation is ongoing to assess the full scope of the data compromised. Initial findings suggest that the attacker accessed:
- Customer names
- Email addresses
- Phone numbers
- Birth dates
- Frequent flyer numbers
However, the platform did not store passwords, PINs, credit card details, or passport information, so this wasn’t impacted.
The incident was disclosed publicly by Qantas on July 2, 2025, via an official announcement, which emphasized that flight operations, safety, and core airline systems remain secure and unaffected.
Qantas Airways is Australia’s largest airline and one of the world's oldest continuously operating carriers. With over 6 million customers having service records in the compromised platform, the potential impact is considerable. The company has notified relevant authorities, including the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police. Affected customers are being contacted directly with support information and identity protection guidance.
Though Qantas has not attributed the attack to any specific group, security experts are already weighing in. Mandiant Consulting, a Google Cloud subsidiary, noted that social engineering tactics, including telephone-based deception, are frequently employed by sophisticated threat groups. Charles Carmakal, CTO of Mandiant, referenced Scattered Spider, a financially motivated actor known for phone-based intrusions, as a potential threat archetype, though no direct attribution has been made. He added that while groups like Scattered Spider have previously targeted global firms, including those in Australia, it remains unclear if the recent breach signals a shift toward targeting the airline sector.
Qantas has responded to this incident by tightening access controls, increasing monitoring on the affected platform, and working with external cybersecurity experts. The company’s CEO, Vanessa Hudson, issued a public apology and emphasized that customer trust remains a top priority. A dedicated hotline and support page have been launched to help affected users with identity protection advice.
Leave a Reply