Full Report
Australia's national carrier, Qantas Airways Limited, has revealed a cybersecurity incident. The Qantas cyberattack was traced to unauthorized access through a third-party customer service platform used by one of the airline’s contact centers. While the airline assured the public that flight operations and safety were unaffected, it confirmed that personal information of potentially millions of customers had been compromised. In a public statement, Qantas explained, “Qantas can confirm that a cyber incident has occurred in one of its contact centres, impacting customer data. The system is now contained.” The breach, described as criminal in nature, involved the targeting of a third-party system that stored service records for approximately six million customers.

Decoding the Qantas Cyberattack

According to the press release, Qantas experienced unusual activity on the third-party platform. The airline responded quickly by isolating the system to prevent further access. While the airline emphasized that its internal systems remain secure, the Qantas cyberattack did expose a wide range of customer details.

An initial internal review confirmed that names, email addresses, phone numbers, birth dates, and frequent flyer numbers were accessed. However, Qantas reassured customers that more sensitive information, such as credit card numbers, bank details, passwords, PINs, and passport information, was not stored on the compromised platform.

Qantas stated, “There is no impact to Qantas’ operations or the safety of the airline.” The airline has since ramped up security protocols, including additional restrictions on system access and heightened monitoring to detect and respond to any further threats.

A Qantas spokesperson provided further details about the incident in a statement to The Cyber Express, explaining, “The cybercriminal gained access to the system on Saturday following an interaction with a call centre operator. Our teams identified and contained the threat on Monday morning, and the system was subsequently secured. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.”

Immediate Response and Ongoing Investigation

Following the Qantas cyberattack, the airline has taken several security measures. Notifications have been sent to affected customers, along with an apology and details of available support. Qantas also set up a dedicated helpline for identity protection assistance. Concerned customers can call 1800 971 541 or +61 2 8028 0534, where they’ll receive guidance from specialists.

The airline has formally notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. Qantas is also working closely with the Federal Government’s National Cyber Security Coordinator and independent cybersecurity experts to investigate the breach and prevent similar incidents in the future.

Vanessa Hudson, Qantas Group CEO, addressed the incident in a statement: “We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.” She added, “We are contacting our customers today and our focus is on providing them with the necessary support. We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”

Customer Guidance and Next Steps

While the investigation is ongoing, Qantas advises that customers with upcoming travel do not need to take any action. Flight details remain accessible through the Qantas website and mobile app. However, affected individuals are encouraged to stay vigilant, monitor for suspicious activity, and contact Qantas support if they have concerns.

Darren Argyle, former Group CISO at Qantas, addressed the recent Qantas cyberattack in a LinkedIn post, emphasizing the airline’s unwavering commitment to customer security. He acknowledged the intense pressure on Qantas’ security teams, noting, “I know how hard these teams work behind the scenes, often under immense pressure when incidents occur.” Argyle also suggested the Qantas cyberattack might be linked to the notorious Scattered Spider group, known for targeting cloud-based services through social engineering attacks. He encouraged customers to stay informed through official channels and be cautious of any unexpected messages related to the incident.

This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We will update this story once we have more information on the Qantas cyberattack or any further details from the airline.
Analysis Summary
# Incident Report: Qantas Customer Data Compromise
## Executive Summary
Qantas confirmed a significant cyberattack resulting in the compromise of service records belonging to as many as 6 million customers. While specific attack vectors were not immediately disclosed by the company, external analysis suggests a possible link to the threat group Scattered Spider, known for social engineering tactics. Qantas is engaging with top government and independent cybersecurity experts to manage the situation and is currently advising affected customers to remain vigilant.
## Incident Details
- **Discovery Date:** Not explicitly stated, implied near or on July 2, 2025.
- **Incident Date:** Not explicitly stated, occurred prior to July 2, 2025.
- **Affected Organization:** Qantas (Australian airline)
- **Sector:** Aviation/Travel
- **Geography:** Australia
## Timeline of Events
### Initial Access
- **Date/Time:** Unknown
- **Vector:** Unknown, but external speculation points toward social engineering, characteristic of the Scattered Spider group.
- **Details:** Attackers successfully breached Qantas systems.
### Lateral Movement
- **Details:** Not publicly detailed, but the attackers were able to access and exfiltrate millions of customer records.
### Data Exfiltration/Impact
- **Details:** Service records belonging to up to **6 million customers** were exposed. The exact nature of the compromised "service records" requires further investigation.
### Detection & Response
- **How it was discovered:** Not explicitly stated.
- **Response actions taken:** Qantas began contacting affected customers, is working closely with the National Cyber Security Coordinator and the Australian Cyber Security Centre (ACSC), and has engaged independent specialized cybersecurity experts.
## Attack Methodology
Based on available public speculation (former CISO Argyle):
- **Initial Access:** Potentially **Social Engineering** tactics (characteristic of Scattered Spider).
- **Persistence:** Unknown.
- **Privilege Escalation:** Unknown.
- **Defense Evasion:** Unknown.
- **Credential Access:** Unknown.
- **Discovery:** Unknown.
- **Lateral Movement:** Unknown.
- **Collection:** Access and gathering of customer service records.
- **Exfiltration:** Successful transfer of 6 million customer records.
- **Impact:** Data exposure impacting up to 6 million customers.
## Impact Assessment
- **Financial:** Not estimated in the provided text.
- **Data Breach:** Service records of up to **6 million customers**.
- **Operational:** No immediate impact reported for customers with upcoming travel; flight details remain accessible.
- **Reputational:** Significant reputational impact due to the scale of the data exposure.
## Indicators of Compromise
- **Network indicators - defanged:** None provided.
- **File indicators:** None provided.
- **Behavioral indicators:** Potential association with threat actor **Scattered Spider** (known for social engineering/cloud targeting).
## Response Actions
- **Containment measures:** Not detailed; an ongoing investigation and expert engagement are implied.
- **Eradication steps:** Not detailed.
- **Recovery actions:** Contacting affected customers and providing support.
## Lessons Learned
- Security teams operate under intense pressure during incidents.
- Proactive defense against sophisticated social engineering tactics (if confirmed as the vector) remains critical.
## Recommendations
- Organizations should ensure robust security training focused on detecting social engineering attacks, particularly if the suspected threat actor (Scattered Spider) is active in the threat landscape.
- Immediately review and strengthen controls around systems holding customer service records.
- Maintain continuous engagement with national cybersecurity authorities (like the ACSC) during active incidents.