Qantas Data Breach: 5.7 Million Customers Affected by Cyber Attack
Discover the details of the recent Qantas data breach, which compromised the personal information of 5.7 million customers. Learn about the incident, the airline's response, and expert recommendations for protecting yourself against similar threats.
TL;DR
Qantas, Australia’s largest airline, has confirmed that a recent data breach affected 5.7 million customers. The incident involved unauthorized access to a third-party platform used by a call center, resulting in the theft of significant customer data. The airline has implemented additional cybersecurity measures and is working with authorities to mitigate the impact.
Qantas Data Breach: 5.7 Million Customers Affected
Australia’s largest airline, Qantas, has confirmed that a recent data breach impacted approximately 5.7 million individuals. The incident involved hackers gaining access to a third-party platform used by a call center, leading to the theft of substantial customer data. The breach, which has been linked to ongoing Scattered Spider activity, was detected and contained earlier this month.
Details of the Breach
Early in July, Qantas disclosed a cyberattack after hackers accessed a third-party platform used by a call center, stealing significant customer data [1]. The breach was detected and contained promptly, but not before a substantial amount of data was compromised. Qantas confirmed that while the system is now secure, the incident resulted in the potential exposure of data from up to 6 million customer service records.
In a statement released by the company, Qantas acknowledged the cyber incident and its impact on customer data [2]. The airline highlighted that core systems remain secure, but data such as names, emails, phone numbers, birth dates, and frequent flyer numbers may have been stolen. Importantly, no financial data, passport details, passwords, or login credentials were compromised.
Extortion Attempts and Customer Notification
Qantas has confirmed that hackers stole data from approximately 5.7 million customers and have begun extortion attempts to prevent its release. The company is currently working to validate the authenticity of these attempts and has engaged the Australian Federal Police due to the criminal nature of the breach [3].
In an updated statement, Qantas revealed that its investigation confirmed that 5.7 million unique customers were affected [4]. The analysis of customers’ personal data found the following:
- 4 million customer records included name, email address, and Qantas Frequent Flyer details. Of these:
  - 1.2 million records contained name and email address.
  - 2.8 million records contained name, email address, and Qantas Frequent Flyer number, with many also including tier, points balance, and status credits.
- 1.7 million customer records included a combination of the above data fields and one or more of the following:
  - Address (1.3 million records)
  - Date of birth (1.1 million records)
  - Phone number (900,000 records)
  - Gender (400,000 records)
  - Meal preferences (10,000 records)
Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.
Qantas’ Response and Customer Support
Qantas is now contacting affected customers to inform them of the specific data compromised and provide support. CEO Vanessa Hudson emphasized the airline’s focus on transparency and customer support:
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible.”
Hudson added,
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
The airline has implemented additional cybersecurity measures and is continuing its review. Customers are advised to be vigilant for phishing emails pretending to be from Qantas. The airline has notified the Australian Cyber Security Centre, the Privacy Commissioner, and the Federal Police due to the criminal nature of the breach.
Scattered Spider and Industry Warnings
At the end of June, the FBI reported that the cybercrime group Scattered Spider is targeting the airline sector [5]. The cybercriminals use social engineering techniques to gain access to target organizations by impersonating employees or contractors. In many cases, the threat actors bypassed multi-factor authentication (MFA) by tricking victims’ help desk services into adding unauthorized MFA devices to compromised accounts.
The FBI alert highlighted that Scattered Spider targets large corporations and their third-party IT providers, making every organization in the airline ecosystem a potential target [6]. The group steals data for extortion and often launches ransomware attacks once inside. The FBI recommends early reporting to help act fast, share intelligence, and limit damage.
Recently, Unit 42 also warned that Muddled Libra, another name for Scattered Spider, is targeting the aviation industry with advanced social engineering and fake MFA reset attempts [7].
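The help-desk MFA enrollment pattern described in the FBI alert can be turned into a review rule for identity audit logs. The following is an added example, not from the article or from any vendor: the event schema, the field names (such as callback_verified) and the sample events are constructed assumptions. It flags MFA devices that someone other than the account owner enrolled, when the help desk recorded no callback verification or the device's first login comes from a country never seen for that user.

```python
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical schema (not a real product's log format).
EVENTS = [
    {"ts": "2025-07-01T09:00:00", "type": "login", "user": "alice", "device": "dev-A", "country": "AU"},
    {"ts": "2025-07-01T09:05:00", "type": "mfa_enroll", "user": "alice", "actor": "alice", "device": "dev-A2"},
    {"ts": "2025-07-02T13:10:00", "type": "login", "user": "bob", "device": "dev-B", "country": "AU"},
    {"ts": "2025-07-03T02:14:00", "type": "mfa_enroll", "user": "bob", "actor": "helpdesk-17",
     "device": "dev-X", "callback_verified": False},
    {"ts": "2025-07-03T02:21:00", "type": "login", "user": "bob", "device": "dev-X", "country": "ZZ"},
    {"ts": "2025-07-04T08:00:00", "type": "login", "user": "carol", "device": "dev-C", "country": "AU"},
    {"ts": "2025-07-04T10:00:00", "type": "mfa_enroll", "user": "carol", "actor": "helpdesk-03",
     "device": "dev-C2", "callback_verified": True},
    {"ts": "2025-07-04T10:20:00", "type": "login", "user": "carol", "device": "dev-C2", "country": "AU"},
]

def review_helpdesk_enrollments(events, window=timedelta(hours=24)):
    """Return MFA enrollments made on a user's behalf that need human review."""
    known_countries = {}   # user -> countries seen in earlier logins
    open_enrolls = {}      # (user, device) -> record awaiting its first login
    records = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["device"])
        if ev["type"] == "mfa_enroll" and ev["actor"] != ev["user"]:
            # Enrollment performed by someone else, e.g. a help desk operator.
            rec = {"user": ev["user"], "device": ev["device"],
                   "enrolled_by": ev["actor"], "ts": ts, "reasons": []}
            if not ev.get("callback_verified", False):
                rec["reasons"].append("no_callback_verification")
            open_enrolls[key] = rec
            records.append(rec)
        elif ev["type"] == "login":
            rec = open_enrolls.pop(key, None)
            seen = known_countries.setdefault(ev["user"], set())
            # First login on the newly enrolled device, from an unseen country.
            if rec and ts - rec["ts"] <= window and ev["country"] not in seen:
                rec["reasons"].append("first_login_from_new_country")
            seen.add(ev["country"])
    return [r for r in records if r["reasons"]]

if __name__ == "__main__":
    for alert in review_helpdesk_enrollments(EVENTS):
        print(alert["user"], alert["device"], alert["enrolled_by"], alert["reasons"])
```

Self-service enrollments and help-desk enrollments with a recorded callback and a familiar login location pass without an alert; a user with no login history is treated as having no known countries, so their first login on a help-desk-enrolled device is flagged.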
Conclusion
The Qantas data breach serves as a reminder of the ongoing threat of cybercrime and the importance of robust cybersecurity measures. As the airline continues to investigate and mitigate the impact, customers are urged to stay vigilant and take necessary precautions to protect their personal information.
References
1. “Qantas Confirms Customer Data Breach Amid Scattered Spider Attacks.” https://securityaffairs.com/179557/cyber-crime/qantas-confirms-customer-data-breach-amid-scattered-spider-attacks.html
2. “Qantas Cyber Incident.” https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident/
3. “Information for Customers on Cyber Incident.” https://www.qantas.com/sg/en/support/information-for-customers-on-cyber-incident.html
4. “Update on Qantas Cyber Incident Wednesday 9 July 2025.” https://www.qantasnewsroom.com.au/media-releases/update-on-qantas-cyber-incident-wednesday-9-july-2025/
5. “The FBI Warns That Scattered Spider Is Now Targeting the Airline Sector.” https://securityaffairs.com/179413/cyber-crime/the-fbi-warns-that-scattered-spider-is-now-targeting-the-airline-sector.html
6. “Scattered Spider Cybercrime Group Member Pleaded Guilty.” https://securityaffairs.com/176323/cyber-crime/scattered-spider-cybercrime-group-member-pleaded-guilty.html
7. “Muddled Libra Targeting Aviation with Advanced Social Engineering.” https://unit42.paloaltonetworks.com/muddled-libra/