Scattered Spider | Qantas Cyber Breach

Qantas Cyber Breach: What Happened and What It Means for Customers

Published July 2025

You are likely aware by now that Qantas Airways was hit by a significant cyberattack that exposed the personal data of approximately six million customers.

The breach occurred via a third-party customer service platform used by one of the airline's call centres. It is believed that cybercriminals used a form of social engineering, impersonating a Qantas employee, to gain unauthorised access to sensitive data.

The compromised data included customers' names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers. Importantly, Qantas confirmed that no financial details, passwords, or passport information were accessed.

A hacking group known as Scattered Spider is suspected to be behind the attack. The group has previously been associated with sophisticated phishing and "vishing" (voice phishing) tactics to infiltrate large corporations.

Qantas CEO Vanessa Hudson stated that the breach was promptly contained and that no ransom demand had been made. The airline is currently working with Australian cybersecurity authorities and external security experts to investigate the incident and further strengthen their digital infrastructure. Affected customers are being contacted and offered identity protection services.

This incident has amplified concerns about data security in outsourced and offshore operations, with critics questioning the resilience of third-party systems and the oversight of customer data. It has also raised calls for stronger penalties and accountability for corporate data breaches. Under current Australian privacy laws, fines for serious data breaches can reach up to $50 million.

In a separate incident earlier in May 2024, Qantas suffered a technical error in its mobile app that inadvertently revealed customer details to other users. While unrelated to the cyberattack, it further dented customer confidence and highlighted vulnerabilities in the airline's digital systems.

As Qantas works to rebuild trust, this breach serves as a powerful reminder of the importance of proactive cybersecurity, especially in high-profile and data-intensive industries like aviation.

Related blogs: Strengthening Cyber Resilience: Logi-Tech's Recommendations Following the Qantas Data Breach

References:

1. News.com.au. Qantas gives update on mass cyber incident. Retrieved July 2025 from: https://www.news.com.au/travel/travel-updates/incidents/qantas-gives-update-on-mass-cyber-incident/news-story/66cd7e824a93650b001acb47e04b9ff2

2. The Australian. 'Hallmarks of Scattered Spider': Six million hit in Qantas cyber attack. Retrieved July 2025 from: https://www.theaustralian.com.au/business/aviation/six-million-qantas-customers-caught-in-cyber-attack-on-database-storing-personal-information/news-story/b34b88d4580a26219cdb59018dbacddd

3. SmartCompany. Qantas data breach: What you need to know and how to stay protected. Retrieved July 2025 from: https://www.smartcompany.com.au/tourism/qantas-data-breach-customer-warning-scam-protection

4. ABC News. Qantas confirms technology issue caused app data breach. Retrieved July 2025 from: https://www.abc.net.au/news/2024-05-03/qantas-confirms-technology-issue-caused-app-data-breach/103802206

5. Adelaide Now. If companies want our data, they need to protect it. Opinion by Caleb Bond. Retrieved July 2025 from: https://www.adelaidenow.com.au/news/opinion/caleb-bond-if-we-give-companies-our-personal-data-they-need-to-look-after-it-properly-or-face-the-costs/news-story/198dc459a1a24d7d4129e27616a62a73

6. The Australian. Qantas customers seek compensation for theft of personal details. Retrieved July 2025 from: https://www.theaustralian.com.au/business/aviation/qantas-cyber-attack-customers-seek-compensation-for-theft-of-personal-details/news-story/fcad288bd903cada0cd2164511dbe1cd