Qantas reveals major data breach affecting millions of customers
- Cybercriminals from the group Scattered Spider broke into Qantas systems, compromising the data of 5.7 million customers.
- The incident involved various types of personal data but did not include payment details or passport information.
- The breach highlights the growing threat of cyber attacks on the airline industry, prompting discussions about enhanced data protection measures.
In Australia, Qantas recently announced a significant data breach that has compromised the personal information of 5.7 million customers. The breach was discovered on June 30, 2025, when Qantas detected unusual activity on a third-party customer service platform, prompting an internal investigation and communication with impacted individuals. The breach is attributed to a hacking group known as Scattered Spider, which has been active in targeting various sectors, including airlines, and is primarily composed of teenagers from the UK and the US. The cyber attack allowed hackers to access sensitive information such as phone numbers, email addresses, home addresses, dates of birth, genders, and even meal preferences. However, Qantas has clarified that no payment details or passport information were stolen during the incident. The company emphasized its commitment to safeguarding customer data and has implemented additional cybersecurity measures in the aftermath of the breach while a forensic investigation is underway. Following the incident, Qantas has actively engaged in notifying the affected customers and providing them with guidance on how to mitigate potential risks resulting from the exposure of their personal data. This includes advising customers to update their passwords across various accounts and monitoring their accounts for any unusual activity. Furthermore, the airline has stressed the importance of maintaining vigilance and utilizing identity protection measures. The situation has raised broader concerns regarding the security of customer data within the airline industry and the increasing frequency of cyber attacks targeting sensitive information. With the rise in such incidents, calls for stricter legal standards for data security have intensified, necessitating discussions on how airlines can better protect customer information in the future. The quick arrests of four individuals allegedly connected to Scattered Spider in the UK highlight a potential shift in the response capabilities of law enforcement agencies to combat cybercrime effectively.