Qantas has confirmed that a recent cyberattack resulted in sensitive information from 5.7 million customers being stolen. The breach, which hit a third-party customer service platform linked to a Qantas call center, is one of the most serious cybersecurity incidents the airline has faced to date.
Initially, the airline estimated six million affected, but has now provided a more accurate breakdown.
Also read, YouTube Ditches Trending Page in Favor of New Charts Feature
What Data Was Stolen?
In an official press release, Qantas said attackers accessed:
- 4 million customer names, email addresses, and Frequent Flyer details
- For another 1.7 million people, additional data was taken, including:
- Postal addresses
- Dates of birth
- Phone numbers
- Gender
- Meal preferences
- Postal addresses
The airline emphasized that no credit card details, financial data, passport info, or login credentials like passwords and PINs were compromised—mainly because that information wasn’t stored in the breached system.
Who’s Behind the Attack?
While Qantas hasn’t confirmed the attackers, the incident bears a strong resemblance to recent cyberattacks carried out by Scattered Spider, a notorious hacking group known for using social engineering and SIM-swapping to breach big-name companies, especially in the US.
Scattered Spider hasn’t claimed responsibility (yet), but the group has been linked to similar recent attacks on other airlines like Hawaiian Airlines, WestJet, and GlobalX. In fact, the FBI has issued an advisory warning US companies about this group’s activities.
What Happens Now?
Qantas has started notifying impacted customers, and is urging everyone to be cautious—especially when it comes to unsolicited emails or phone calls. The airline recommends verifying identities before sharing personal information.
At the time of writing, there’s no sign the stolen data has been leaked online, but Qantas is actively monitoring the dark web with the help of cybersecurity experts.
While the airline didn’t confirm whether ransomware was involved, this attack highlights just how vulnerable critical infrastructure—like air travel—can be to increasingly sophisticated threats.
Also read, A Cheaper MacBook Might Be Coming — And It Could Be a Game Changer