Qantas Data Breach Exposes 6 Million Records

Date: July 2nd, 2025

By: TheCyberGuyAU

Qantas has confirmed a cyber attack has exposed the personal data of millions of its customers — a stark reminder that no brand, no matter how trusted, is immune.

What happened?

On Monday, Qantas detected unusual activity on a third-party system used by its call centre. That system was compromised, exposing records for 6 million customers.

A “significant proportion” of the data was stolen, including:

  • ✅ Names
  • ✅ Email addresses
  • ✅ Phone numbers
  • ✅ Dates of birth
  • ✅ Frequent flyer numbers

The good news? Qantas says no credit card data, passport numbers, or login credentials were involved.

“Our customers trust us with their personal information and we take that responsibility seriously.”
— Qantas CEO Vanessa Hudson

Who’s behind it?

Qantas hasn’t officially confirmed the attacker, but CyberCX analysts say it appears to be Scattered Spider — an aggressive international threat group.

The FBI recently warned about this group’s focus on aviation and third-party systems.

Why this matters

This breach is a wake-up call for any business using external vendors:

  • ⚠️ Supply chain attacks are real and growing
  • ⚠️ Even non-financial data can be weaponized
  • ⚠️ Vendors must be audited, and response plans tested

Just because passwords weren’t stolen doesn’t mean the data isn’t dangerous.

What Qantas is doing now

  • 🛡️ Quarantined the affected system
  • 📢 Notified impacted customers
  • 🔍 Brought in CyberCX for response
  • 📡 Informed the ACSC, OAIC, and AFP

A hotline and support page have also been launched for affected customers.

What businesses can learn

This should be a red flag for companies in:

  • 🛫 Travel & transport
  • 📞 Outsourced customer service
  • 💻 IT infrastructure and SaaS vendors

Key takeaways:

  • ✅ Audit vendors regularly
  • 🔍 Reassess the value of “non-sensitive” data
  • 📄 Test incident response plans
  • 🎣 Monitor for phishing after breaches

Final Thoughts

6 million records isn’t just a number — it’s 6 million opportunities for phishing, scams, or identity theft.

Cyber threats are evolving. Your security mindset must evolve too.

📥 Want more breakdowns like this?
Follow TheCyberGuyAU for clear, practical cybersecurity insights — simplified for Aussie businesses.

📣 Share this post with your team or clients to raise awareness about supply chain risks.

Let’s make smart security simple.

Share this post

Subscribe to our newsletter

Keep up with the latest blog posts by staying updated. No spamming: we promise.
By clicking Sign Up you’re confirming that you agree with our Terms and Conditions.

Related posts

Cybersecurity Insights

Explore the latest in cyber threats and protection strategies.

Read More