Millions of customers have been exposed in the Qantas cyber attack – here’s everything we know so far
Scattered Spider has been touted as a possible culprit behind the Qantas cyber attack
Qantas has become the latest airline to suffer a cyber attack, with data belonging to around six million customers potentially exposed in the incident.
In a statement confirming the breach, the airline said compromised data includes some customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company insists that no credit card details, passport information, or assorted financial details have been exposed. Similarly, no account passwords, PIN numbers, or login details have been accessed.
On Monday, Qantas spotted unusual activity on a third-party platform used by a Qantas airline contact center. The airline said it took immediate action upon discovery and is now implementing additional security measures to further restrict access.
Qantas said it has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as the Australian Federal Police.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” said Qantas Group CEO Vanessa Hudson.
“We are contacting our customers today and our focus is on providing them with the necessary support.”
Who’s behind the Qantas cyber attack?
While there's no official word on which group carried out the attack, cybersecurity experts told ITPro all eyes will likely be pointing toward the notorious Scattered Spider group.
Scattered Spider has caused havoc in the retail sector in recent months, targeting UK retailers including Harrods, Co-op and Marks & Spencer (M&S).
The group now appears to be shifting its attention, however. An FBI advisory last week warned the group is now targeting organizations in the aviation industry.
The ransomware gang is believed to be responsible for recent attacks on Hawaiian Airlines and Canada's WestJet.
Toby Lewis, global head of threat analysis at Darktrace, said the Qantas attack bears all the hallmarks of the group so far.
"The attack follows their typical playbook: steal legitimate login credentials to walk into systems where critical security protections often aren't enabled by default, while operating from Western countries to appear as legitimate users and bypass standard security filters," Lewis told ITPro.
"Expect the stolen customer data - names, emails, birthdates, frequent flyer numbers - to fuel convincing phishing campaigns targeting loyalty programs and tricking customers with fake payment requests using real booking details."
It's not known whether Qantas has received a ransom demand - and, if so, whether it's paying up.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

