In a serious escalation of cybersecurity breaches in the aviation industry, the Qantas data breach has exposed six million customers’ personal details. Uncovered on June 30, the breach originated on a third-party site used by Qantas’ customer contact centre, where sensitive passenger details were stored.
The compromised data include names, phone numbers, email addresses, birthdays, and frequent flyer numbers. Although Qantas has given assurances that credit card numbers, passport numbers, and passwords were not exposed, cybersecurity experts are cautioning the company that the breach poses a significant risk of identity theft, phishing, and fraudulent access to accounts.
Qantas Group CEO Vanessa Hudson apologised for the breach in response to public outcry and committed to making further disclosures. “We sincerely apologise to our customers and we acknowledge that this will cause doubt,” she said in an official statement.

What Was Compromised?
Preliminary Qantas investigations confirmed that details on the third-party system included:
- Customer names
- Email addresses
- Mobile and landline phone numbers
- Dates of birth
- Qantas Frequent Flyer membership numbers
Importantly, financial and passport details, as well as passwords, were not accessed on the compromised platform. Qantas assured customers that their frequent flyer accounts remain secure and that no login details have been accessed. Nevertheless, cybersecurity specialists warn that the stolen data can still be exploited in password reset scams or social engineering attacks.
“The information that has been hacked is used by many companies to identify people. So the information could be used to do password resets on many other accounts,” explained UNSW Professor Richard Buckland.

Airline Cooperating with Authorities and Experts
Qantas said that when it discovered “unusual activity” on the system, it immediately contained the breach and initiated a comprehensive investigation. The airline later notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC).
Qantas is also working closely with CyberCX, a leading cyber-security firm, to determine the extent of the breach and implement further protection. While the investigation is ongoing, early estimates indicate that the attack bore the hallmarks of Scattered Spider, a well-known cybercrime group recently active in the aviation sector.

What Is Scattered Spider?
The Scattered Spider gang, also known as Muddled Libra, has been linked to a series of high-profile global cyberattacks on finance, insurance, retail, and now aviation firms. The FBI recently issued a warning on social media platform X that Scattered Spider was actively targeting airline IT ecosystems and their third-party service providers.
Rather than relying on advanced hacking tools alone, the group is known for social engineering: deceiving employees into revealing credentials or opening malicious links. These practices are reported to have been used in the Qantas data breach, but the airline has not yet been able to identify the attackers.
Cybersecurity analysts believe the point of entry may have been the Manila-based call centre working for Qantas, where attackers may have tricked employees into giving up login credentials or sensitive access details.

Growing Tide of Cyberattacks in Australia
The Qantas data breach follows a disturbing trend of high-profile cyber incidents in Australia. Earlier this year, AustralianSuper and Nine Media both suffered significant data breaches. The OAIC indicates that 2024 was the worst year for Australian data breaches since compulsory reporting began in 2018.
Australian Privacy Commissioner Carly Kind warned in a statement earlier this year:
“The trends that we are seeing are that the threat of data breaches, especially by the activities of malicious people, is not going to abate.”
Kind further emphasized that companies, particularly those handling sensitive customer information, must invest in robust cyber defenses and third-party risk mitigation.

What Should Qantas Customers Do?
Qantas has begun to contact impacted customers and set up a dedicated customer service number and webpage. While the airline says not all six million records were accessed, it expects the number of affected accounts to be “substantial.”
Impacted customers should:
- Monitor their email and mobile accounts for unusual activity
- Be cautious of phishing emails or messages that purport to be from Qantas or other organizations
- Avoid clicking on suspicious links or giving out further personal information
- Change passwords on accounts that use the same personal information
- Enable multi-factor authentication (MFA) where possible
Professor Buckland issued a critical warning: “It’s quite possible this could be used to log into the frequent flyer system by claiming you’ve lost a password, and trying to do some sort of password reset.”

Industry on High Alert
The Qantas breach has sent shockwaves through the aviation world, provoking fears throughout the Asia-Pacific region. In the last two weeks alone, Hawaiian Airlines and Canada’s WestJet have both been hit by similar breaches. The FBI, cybersecurity firms, and aviation regulators are now working more closely together to contain the danger posed by criminal syndicates such as Scattered Spider.
Cybersecurity firm Unit 42, which has been tracking the group, also warns that airlines, technology partners, and customer contact centers remain prime targets.
“Organizations should look for sophisticated and targeted social engineering attacks as well as out-of-pattern MFA reset requests,” said Sam Rubin, SVP of Threat Intelligence at Unit 42.

Bottom Line
The Qantas data breach is not only a technical breakdown; it is a wake-up call for the aviation sector and the corporate world. As consumers begin to distrust how their details are stored and used, corporations must treat cybersecurity as an enterprise-wide operational imperative, not an IT issue.
Qantas’s swift action and public acknowledgment have been applauded by some, but concerns remain about the security practices of its third-party suppliers and whether the airline is ready to prevent such leaks from occurring again.
In the meantime, the six million Qantas passengers potentially affected are being urged to be on guard, and the rest of Australia should be too.