Qantas, Australia’s largest airline, has confirmed that a recent cyberattack compromised the personal data of approximately 5.7 million individuals. The breach stemmed from unauthorized access to a third-party platform used by a call center, which allowed attackers to steal a large volume of customer information.
The airline disclosed the incident earlier this month, stating that the breach is believed to be connected to the activity of the cybercriminal group known as Scattered Spider. The threat was detected and contained on a Monday, and Qantas has since confirmed that while the affected system has been secured, a significant amount of customer data was likely accessed during the incident.
Qantas released a statement acknowledging the breach and reassuring customers that they are actively reaching out to those affected. The company is apologizing for the incident and providing support to impacted individuals. The attack was carried out by targeting a call center and exploiting a third-party customer service platform.
Following the detection of unusual activity on the external platform, Qantas quickly took steps to contain the threat. Although core systems remained unaffected, data from up to six million customer service records may have been stolen. Exposed information includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. The airline confirmed that no financial data, passport details, passwords, or login credentials were compromised.
Qantas stated that hackers accessed the data of about 5.7 million customers and have made contact in an attempt to extort the company. Qantas has referred the matter to the Australian Federal Police and has declined to provide further details while the investigation is ongoing.
An updated assessment revealed that the breach affected 5.7 million unique customers. While frequent flyer accounts remain secure and no financial data was accessed, various types of personal information were exposed. The analysis of affected data is as follows:
4 million records included only names, email addresses, and frequent flyer details. Of these:
- 1.2 million had just names and email addresses
- 2.8 million also included frequent flyer numbers, with many showing tier level, points balance, or status credits
The remaining 1.7 million records included combinations of the above data along with:
- Residential or business addresses for 1.3 million customers
- Dates of birth for 1.1 million customers
- Phone numbers for 900,000 customers
- Gender information for 400,000 customers
- Meal preferences for 10,000 customers
These figures are based on unique email addresses, and customers with more than one email address may appear multiple times in the records.
Qantas is now contacting impacted customers to inform them of exactly what data was involved and to offer guidance and support. CEO Vanessa Hudson emphasized that the company is prioritizing transparency and timely communication.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” said Hudson. “From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
In response to the breach, Qantas has introduced additional cybersecurity measures and is continuing to review its systems. Customers are being advised to stay vigilant, especially for phishing emails impersonating the airline.
The incident has been reported to the Australian Cyber Security Centre, the Privacy Commissioner, and federal authorities, due to its criminal nature.
Ongoing Threat from Scattered Spider
The FBI recently issued an alert warning that the Scattered Spider group is now actively targeting the airline industry. These cybercriminals use social engineering to impersonate employees or contractors and deceive IT help desks into granting access. In many cases, they bypass multi-factor authentication by convincing staff to register unauthorized authentication devices on compromised accounts.
The FBI cautioned that any organization within the aviation ecosystem, including vendors and contractors, could be at risk. The group is known for stealing sensitive data for extortion and often launching ransomware after gaining access.
The FBI encourages early reporting of such incidents to help contain threats, share intelligence across the sector, and prevent further damage.
In a related warning, researchers from Unit 42 at Palo Alto Networks also observed that Muddled Libra, another name for Scattered Spider, is using advanced social engineering tactics and fake MFA reset requests to target aviation companies.
Organizations in the sector are being urged to remain alert and to closely monitor for suspicious activity and attempts to manipulate help desk services.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
