Millions of customers have been exposed in the Qantas cyber attack – here’s everything we know so far
Scattered Spider has been touted as a possible culprit behind the Qantas cyber attack
Qantas has become the latest airline to suffer a cyber attack, with data belonging to around six million customers potentially exposed in the incident.
In a statement confirming the breach, the airline said compromised data includes some customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company insists that no credit card details, passport information, or assorted financial details have been exposed. Similarly, no account passwords, PIN numbers, or login details have been accessed.
On Monday, Qantas spotted unusual activity on a third-party platform used by a Qantas airline contact center. The airline said it took immediate action upon discovery and is now implementing additional security measures to further restrict access.
Qantas said it has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, as well as the Australian Federal Police.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously," said Qantas Group CEO Vanessa Hudson.
“We are contacting our customers today and our focus is on providing them with the necessary support."
Who’s behind the Qantas cyber attack?
While there's no official word on which group carried out the attack, cybersecurity experts told ITPro all eyes will likely be pointing toward the notorious Scattered Spider group.
Scattered Spider has caused havoc in the retail sector in recent months, targeting UK retailers including Harrods, Co-op and Marks & Spencer (M&S).
The group now appears to be shifting its attention, however. An FBI advisory last week warned the group is now targeting organizations in the aviation industry.
The ransomware gang is believed to be responsible for recent attacks on Hawaiian Airlines and Canada's WestJet.
Toby Lewis, global head of threat analysis at Darktrace, said the Qantas attack bears all the hallmarks of the group so far.
"The attack follows their typical playbook: steal legitimate login credentials to walk into systems where critical security protections often aren't enabled by default, while operating from Western countries to appear as legitimate users and bypass standard security filters," Lewis told ITPro.
"Expect the stolen customer data - names, emails, birthdates, frequent flyer numbers - to fuel convincing phishing campaigns targeting loyalty programs and tricking customers with fake payment requests using real booking details."
It's not known whether Qantas has received a ransom demand - and, if so, whether it's paying up.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
AWS CEO Matt Garman isn’t convinced AI spells the end of the software industryNews Software stocks have taken a beating in recent weeks, but AWS CEO Matt Garman has joined Nvidia's Jensen Huang and Databricks CEO Ali Ghodsi in pouring cold water on the AI-fueled hysteria.
-
Deepfake business risks are growingIn-depth As the risk of being targeted by deepfakes increases, what should businesses be looking out for?
-
Security expert warns Salt Typhoon is becoming 'more dangerous' after Norwegian authorities lift lid on critical infrastructure hacking campaignNews The Chinese state-backed hacking group has waged successful espionage campaigns against an array of organizations across Norway.
-
The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwiseNews Billing itself as the “only place ransomware allowed", RAMP catered mainly for Russian-speaking cyber criminals
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacksNews Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
Scattered Spider evolved massively in 2025 – here’s what to expect in 2026In-depth If 2025 was the year of Scattered Spider, 2026 could see the hacking collective ramp up further
-
Hacked London council warns 100,000 households at risk of follow-up scamsNews The council is warning residents they may be at increased risk of phishing scams in the wake of the cyber attack.
-
Cyber crime group claims successful attack on security firm, crows about it on Telegram – but it was all an elaborate honeypotNews Scattered LAPSUS$ Hunters thought it had access to vast amounts of Resecurity's internal data, but the whole thing was just a set-up
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
