[aviation news]
In a troubling development, Qantas has confirmed that a potential cybercriminal contacted the airline following a recent cyberhacking incident.
The significant data breach exposed the personal information of up to 6 million customers. The incident occurred on June 30, 2025.
It raised concerns about cybersecurity vulnerabilities in third-party systems and the growing threat of ransomware attacks.
The Qantas Data Breach: What Happened?
On June 30, 2025, Qantas disclosed that hackers gained unauthorised access to a third-party customer servicing platform. This was likely operated through a call centre in Manila, Philippines.
The breach compromised sensitive customer data, including names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
Fortunately, no credit card details, passports, or login credentials were accessed, limiting the potential for immediate financial fraud.
However, the scale of the breach—potentially affecting 6 million records—makes it one of the largest in Australia’s recent history.
The attack appears to have exploited social engineering tactics. The hacker reportedly impersonated an employee to deceive call centre staff into granting system access.
News reports have noted similarities to methods used by the Scattered Spider hacking group. The group has targeted call centres with sophisticated phishing schemes.
The Federal Bureau of Investigation (FBI) recently issued a warning to U.S. airlines and third-party providers. It urged caution as the group was actively targeting air carriers.
While Qantas has not confirmed the group’s involvement, the incident underscores the risks of relying on third-party vendors for customer service operations.
On July 7, 2025, Qantas revealed that a potential cybercriminal had reached out to the airline. According to ABC Newsthe Qantas Group did not disclose whether a ransom was demanded,
The Australian Federal Police (AFP) are investigating the matter, with Qantas cooperating fully. The AFP emphasized that it is working to verify the legitimacy of the contact. It provided no further details due to the ongoing criminal investigation.
Qantas assured customers that no evidence shows the stolen data was released or misused. The airline is collaborating with cybersecurity experts to monitor the situation and has advised customers to remain vigilant for scams.
The airline opened a dedicated support line (1800 971 541 or +61 2 8028 0534) to assist affected individuals. In a statement, Qantas emphasized its commitment to protecting customer data and urged users to avoid sharing personal information with unverified sources.
Broader Implications
The Qantas breach highlights the growing threat of cyberattacks targeting third-party platforms, which often serve as weak links in corporate security chains.
The Sydney Morning Herald reported on 8 July that Australian businesses face increasing pressure to strengthen cybersecurity protocols, particularly as ransomware incidents surge globally.
The incident also raises questions about the adequacy of oversight for offshore call centres, where data security practices may vary.
For customers, the breach serves as a reminder to monitor accounts for suspicious activity and adopt strong cybersecurity habits. This includes using unique passwords and enabling two-factor authentication.
Qantas’ swift response and transparency have been praised, but the airline now faces the challenge of restoring customer trust.
The Australian Federal Police (AFP) are now investigating the cybercriminal’s intentions. The airline’s proactive measures, including its refusal to speculate on ransom demands, aim to keep the situation under control.
However, the incident underscores the need for robust cybersecurity in an era where data breaches are becoming alarmingly more common.
Share this content:
