Qantas Hit by Massive Data Breach, Exposing Info of 6 Million Customers

Qantas has confirmed a major cybersecurity breach, with hackers accessing personal data from a third-party customer service platform, marking Australia’s biggest data breach in recent years. The attack compromised names, email addresses, phone numbers, birth dates, and frequent flyer numbers of around six million customers, though login credentials and passwords remain secure.

The breach stemmed from a call centre system, but Qantas did not disclose its location or the specific customer segments affected. Unusual activity on the platform triggered the airline's response, leading to immediate containment efforts. Qantas warned that the amount of data stolen could be “significant,” but confirmed no impact on flight operations or safety.

The incident comes amid rising cyber threats targeting airlines. The U.S. FBI recently warned of increased activity from cybercrime group Scattered Spider, linked to breaches at Hawaiian Airlines and WestJet. While Qantas has not identified the attackers, cybersecurity experts say the methods resemble Scattered Spider’s known tactics—posing as IT staff to harvest employee credentials.

Qantas’ stock fell 2.4% following the news, underperforming a broader market gain. The breach adds to the airline’s reputational challenges following a series of scandals, including illegal layoffs and the sale of tickets for cancelled flights during the COVID-19 pandemic. CEO Vanessa Hudson, who took office in 2023, has been working to rebuild trust.

The airline has reported the breach to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Federal Police. Hudson emphasized that customer data privacy is a top priority, acknowledging the concern this breach may cause.

Qantas joins the ranks of Optus and Medibank as major Australian firms hit by large-scale cyberattacks, highlighting growing risks and regulatory pressure for stronger cybersecurity measures.