Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Australia's Qantas Airlines Hit by Massive Data Breach Impacting 5.7 Million Individuals




Australia's largest airline, Qantas, has confirmed a massive data breach impacting 5.7 million individuals. The breach occurred when hackers accessed a third-party platform used by Qantas' contact centre, resulting in the theft of significant customer data. While no financial data or login credentials were compromised, the incident highlights the ongoing threat posed by cybercrime groups and the importance of robust cybersecurity measures in protecting sensitive data.



  • Qantas confirmed a massive data breach affecting over 5.7 million individuals.
  • No financial data or login credentials were compromised in the breach.
  • A total of 4 million customer records, including name, email address, and Qantas Frequent Flyer details, were stolen.
  • Additional sensitive data fields such as date of birth, phone number, gender, and meal preferences were also accessed.
  • Customers are advised to watch for phishing emails pretending to be from Qantas.
  • The breach highlights the ongoing threat posed by cybercrime groups and the importance of robust cybersecurity measures.



  • Qantas, Australia's largest airline, has recently confirmed that it was hit by a massive data breach, affecting over 5.7 million individuals. The breach, which occurred in early July, involved hackers gaining access to a third-party platform used by Qantas' contact centre, resulting in the theft of significant customer data.

    The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. Qantas confirmed that while the system is now secure, a substantial amount of data was likely compromised during the incident. In a statement published by the company, Qantas acknowledged that hackers accessed a third-party customer servicing platform, resulting in the theft of customer data.

    "The system is now contained," reads the statement. "We understand this will be concerning for customers. We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available." Qantas emphasized that no financial data, passport details, passwords, or login credentials were compromised in the breach.

    The analysis of customers' personal data has revealed a staggering amount of information was stolen. According to Qantas, 4 million customer records are limited to name, email address, and Qantas Frequent Flyer details. Of this, 1.2 million customer records contained both name and email address, while 2.8 million customer records included both name, email address, and Qantas Frequent Flyer number.

    A smaller subset of customers had their records include additional data fields such as date of birth (1.1 million), phone number (900,000), gender (400,000), and meal preferences (10,000). It is worth noting that customer records are based on unique email addresses, meaning customers with multiple email addresses may have multiple accounts.

    The airline has implemented additional cybersecurity measures and continues its review of the incident. Customers are advised to watch for phishing emails pretending to be from Qantas.

    Qantas' CEO, Vanessa Hudson, emphasized the company's focus on transparency and customer support in a statement released after the breach was confirmed. "Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible," she said.

    "From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services." The airline is currently contacting affected customers to inform them of the incident, apologise, and provide details on the support available.

    The breach has also raised concerns about the security of Qantas' systems and the potential for future attacks. In a recent alert, the FBI warned that Scattered Spider, a cybercrime group linked to ongoing APT activity, is targeting large corporations and their third-party IT providers, including those in the airline sector.

    "These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts," reads the FBI alert.

    The incident serves as a reminder of the ongoing threat posed by cybercrime groups and the importance of robust cybersecurity measures in protecting sensitive data. As Qantas continues its review of the incident, it is essential that customers remain vigilant and take steps to protect their personal information.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Australias-Qantas-Airlines-Hit-by-Massive-Data-Breach-Impacting-57-Million-Individuals-ehn.shtml

  • https://securityaffairs.com/179782/data-breach/qantas-data-breach-impacted-5-7-million-individuals.html

  • https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/

  • https://cybersecuritynews.com/apt-attack/


  • Published: Thu Jul 10 05:32:57 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us