Qantas Cyberattack: Data of 6 Million Passengers Stolen in Ransomware Attack

Australian airline Qantas has confirmed a major cybersecurity breach that exposed the personal data of more than six million customers. The attack—linked to a notorious cybercriminal group—marks one of the largest data compromises in the country’s aviation history.
Key Details of the Breach
The breach was first detected on July 1, 2025, and originated from a third-party system used by one of Qantas’ call center service providers.
Stolen Customer Data:
- Full names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent flyer numbers
Data Not Compromised:
- Payment information
- Passport data
- Passwords or PINs
- Login credentials
Qantas emphasized that no sensitive authentication information had been exposed. However, the sheer volume and nature of the stolen personal data still pose a serious risk of identity theft and phishing attacks.
Qantas’ Response
Following the incident, Qantas took swift action:
- Reported the breach to the Australian Federal Police (AFP).
- Notified affected customers, urging caution against phishing and scams.
- Issued clear communication guidelines, stating: “Official communications will ONLY come from email addresses ending in @qantas.com. We will never ask for passwords, booking codes, or personal details via phone, text, or email.”
The airline is working closely with cybersecurity experts and government authorities as the investigation continues.
Who’s Behind the Attack?
Investigators suspect the threat actor Scattered Spider, a cybercrime group known for high-profile ransomware attacks on the aviation sector.
🕷️ Scattered Spider: A Familiar Name
- Previously linked to WestJet (Canada) and Hawaiian Airlines (USA)
- Uses social engineering and supply chain attacks, often targeting contractors and third-party vendors
- Identified in a joint warning by the FBI, Mandiant (Google), and Palo Alto Networks
Unlike typical ransomware operators who exploit technical vulnerabilities, Scattered Spider is notorious for manipulating people—convincing employees or vendors to grant access unintentionally.
What Should Customers Do?
While financial data wasn’t stolen, the exposed information could still be used in phishing campaigns or identity fraud. Qantas urges customers to take the following precautions:
🛡️ Recommended Steps:
- Monitor online accounts for unusual activity
- Enable two-factor authentication (2FA) wherever possible
- Be skeptical of unsolicited emails, texts, or calls asking for personal or financial data
- Do not click on links from unknown sources claiming to represent Qantas
Customers can also check if their email address has appeared in any known breaches using Have I Been Pwned.
Why This Breach Matters
This incident is among Australia’s largest airline-related data breaches and highlights the growing cybersecurity threats facing the aviation sector. Airlines are particularly attractive targets because of the rich customer data they store—often linked to identity verification, travel patterns, and loyalty programs.
The attack also reflects a global trend: hackers are increasingly exploiting third-party providers and social engineering instead of targeting core infrastructure directly.
Broader Context:
- Aviation relies heavily on outsourced services and complex IT ecosystems
- Human error and weak supply chain links remain top entry points for cybercriminals
- Regulatory scrutiny is expected to intensify following the Qantas breach
Final Word
The Qantas cyberattack is a stark reminder that even large, well-resourced organizations are vulnerable—especially when third-party vendors come into play.
With ransomware groups like Scattered Spider continuing to evolve, security must go beyond firewalls and software updates. It’s about people, partners, and preparation.
Qantas has pledged to provide updates as the investigation unfolds. In the meantime, customers are encouraged to remain vigilant.