Qantas Reports Cyberattack Affecting 6 Million Customer Accounts

Qantas discloses major cyberattack compromising data of 6 million customers, raising concerns over airline cybersecurity and personal information safety.

July 2, 2025 10:25 AM

2 MIN TO READ

Eva Robinson

Qantas Reports Cyberattack Affecting 6 Million Customer Accounts

Image Credits:

Unsplash

cyber hacker broke into a database that contains the personal information of a million customers, Qantas said, in Australia’s biggest breach in years and a

setback for an airline rebuilding trust after a reputational crisis.

In a statement made on Wednesday, Qantas said that the hacker targeted a call centre and gained access to a third-party customer service platform containing six million names, email addresses, phone numbers, birth dates, as well as frequent flyer numbers.

The airline has not yet specified the location of the call centre or the customers whose information has been compromised. It stated that it learned of the breach after detecting unusual activity on the platform and acted immediately to contain it.

Last week, the US Federal Bureau of Investigation stated that cybercrime group Scattered Spider was targeting airlines and that Hawaiian Airlines and Canada’s WestJet had already reported breaches.

Mark Thomas, Australia director of security services for cyber security firm Arctic Wolf, said, “What makes this trend particularly alarming is its scale and coordination, with fresh reports that Qantas is the latest victim”.

Scattered Spider hackers are known to impersonate a company’s tech staff to gain employee information, passwords, and “it is plausible they are executing a similar playbook," Thomas said.

Charles Carmakal, the chief technology officer of Alphabet-owned cybersecurity firm Mandiant, said it was too soon to say if the hackers were responsible, but “global airline organisations should be on high alert of social engineering attacks".

Qantas’s share price was also down by 2.4% in afternoon trading against an overall market that was up by 0.8%.

Also worth noting is the fact that Australia’s most high-profile case since those of telecommunications network operator Optus and health insurance leader Medibank in 2022 promoted cyber resiliency laws, among which are mandatory reports of compliance and incidents.

The airline also drew the ire of opposition politicians who said it lobbied the federal government in 2022 to refuse a request from Qatar Airways to sell more flights. Qantas, however, denied pressuring the government, which eventually denied the request – a move the consumer regulator said that would trigger price competition.

Qantas CEO Vanessa Hudson has also improved the airline’s public standing since taking office in 2023, as reputation measures demonstrate.

“We recognise the uncertainty this will cause,” Hudson said of the data breach, also adding, “Our customers trust us with their personal information and we take that responsibility seriously."

Also worth noting is that the hacker said that they did not access the frequent accounts or customer passwords, PIN numbers, or login details, reported Reuters.