Qantas confirmed on Wednesday that it had locked down a system breach linked to a third-party platform. The platform was used by the airline’s call centre and stored data for around 6 million customers. The stolen information includes names, emails, phone numbers, birth dates and frequent flyer numbers. Financial data, passport numbers and credit card details were not part of the breach.
The airline noticed strange activity on Monday. It acted quickly to isolate the problem. Although the full extent of stolen data is still being reviewed, Qantas said the breach could be large.
In an updated message, Qantas said the hacker got into the system through the call centre by breaching a customer service tool managed by a third party.
The person behind the hack is unknown. However, the method used points to a group called “Scattered Spider,” known for hitting airlines and stores in the US and UK. This group is different because its members are native English speakers from countries like the US, UK and Canada.
Last week, the FBI warned airlines about the group. According to a post on X, the group's members use social engineering to trick help desks. By pretending to be workers or contractors, they gain system access and get around security protections.
The FBI says these hackers go after big companies and their vendors, making anyone in the airline chain a possible target. After access is gained, they steal private data and often lock systems with ransomware.
Australia’s cybersecurity minister, Tony Burke, declined to confirm if Scattered Spider was behind this attack. He said companies using outside platforms face extra challenges with cybersecurity.
Qantas alerted the Australian Cyber Security Centre, federal police, and privacy watchdogs. CEO Vanessa Hudson said external experts were called in to investigate. A customer support line and website updates are now live.
Hudson apologized and promised updates on the cyberattack. “We know this causes concern. We’re reaching out to help our customers,” she said.
Cyber-attacks in Australia are rising. Recent hacks targeted superannuation funds. Government reports show data breaches rose 25% in 2024, mostly caused by phishing and ransomware.