Qantas cyber attack exposes data of up to 6 million customers, Scattered Spider suspected

Qantas Airlines has confirmed a significant cyberattack that may have exposed the personal records of up to six million customers.

The airline announced on Wednesday that the compromised system, a third-party platform utilized by its contact centre, has now been contained and secured.

The breach, first detected on Monday, involved customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers.

Crucially, Qantas stated that credit card details, financial information, passport details, frequent flyer accounts, passwords, PINs, or login details were not compromised. Despite the containment, the airline anticipates a “significant” portion of the data has been stolen.

While the identity of the attackers remains unconfirmed by authorities, the tactics bear similarities to the notorious “Scattered Spider” ransomware group.

This unusual hacking collective, comprising native English speakers from countries including the UK, US, and Canada, has recently targeted airlines and retail stores in the US and UK. The FBI issued a warning last week about the group’s focus on the aviation sector, noting its use of social engineering to impersonate employees and bypass multi-factor authentication.

Qantas CEO Vanessa Hudson has issued an apology to customers, acknowledging the uncertainty caused by the incident. The airline has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police. It has also engaged independent cybersecurity experts for a thorough investigation.

A dedicated customer support line and website page have been established to keep affected individuals informed. This incident underscores a growing trend of cyberattacks in Australia, with data breaches increasing by 25% in 2024, highlighting the complex cybersecurity challenges faced by companies relying on third-party systems.

What to do if you think you’ve been affected by Qantas cyberattack:

Vonny Gamot, Head of EMEA at online protection company, McAfee, advises:

1. “Assume You’re Affected – even if you haven’t received notification, assume your information may have been compromised if you’ve been a customer. Companies often take weeks to identify all affected individuals.”
2. “Change Your Passwords Immediately – start with the account you have for the airline, then move to any accounts that share the same password. Use strong, unique passwords for each account. This is non-negotiable. In 2025, password reuse is one of the fastest ways to turn a single breach into multiple compromised accounts.”
3. “Enable Two-Factor Authentication Everywhere – if you haven’t already, enable two-factor authentication (2FA) on all accounts that support it, starting with email, banking, and shopping accounts. This adds a crucial second layer of security.”
4. “Monitor Your Financial Accounts – check bank statements, credit card bills, and investment accounts for any unusual activity. Set up account alerts if you haven’t already, many financial institutions offer real-time transaction notifications.”
5. “Consider online protection tools that can keep your info safe with early alerts that show you if your data is found on the dark web. McAfee’s Scam Detector can also alert you to suspicious text messages and emails that you receive, which is particularly valuable in the aftermath of a breach when criminals often launch targeted phishing campaigns using stolen contact information.”