
QANTAS: Cyber attack exposes data of 6 million customers, including me!

Australia’s largest airline, Qantas, is the victim of a major data breach that could potentially affect 6 million customers. The cyberattack, disclosed on July 2, 2025, involved criminals infiltrating a third-party supplier, reported by the AFR to be Salesforce, and accessing customer records.
Personal details, including names, email addresses, phone numbers, dates of birth, and frequent flyer membership numbers were exposed in the breach. Qantas insists that credit cards and passports were not compromised. Urgent warnings for customers to protect themselves against follow-up scams have been issued by Qantas.

Hackers exploit psychology
According to Qantas, the intrusion occurred after an employee at a call centre was tricked by hackers into granting them access to a Salesforce-based customer service platform, which stored the airline’s customer data. This tactic preys on human trust. Cybercriminal groups such as the suspected ‘Scattered Spider’ are notorious for using psychological manipulation to breach companies’ defenses. They impersonate trusted personnel, like IT support, even using AI-driven voice cloning to sound convincing. The goal is to fool employees into opening the door to secure systems.
The U.S. FBI recently warned that Scattered Spider has been “expanding its targeting to include the airline sector,” after similar breaches were reported at Hawaiian Airlines and Canada’s WestJet.

What data was stolen and what wasn’t
Qantas has confirmed that a significant portion of the data in the breached system was likely stolen. An initial review indicates the following customer information was compromised:
- Contact Details – Names, email and phone numbers
- Personal Data – Dates of birth
- Frequent Flyer Info – Qantas Frequent Flyer membership numbers
Qantas states that financial information was not exposed.
“Importantly, credit card details, personal financial information and passport details are not held in this system.”
Qantas Statement
The hackers did not capture any passwords, PINs, or login credentials, meaning they did not obtain the keys to unlock customer accounts.

Be vigilant
Cybersecurity experts warn that the stolen personal data can still be weaponised in other ways. Home Affairs Minister Tony Burke explained that criminals often use contact information like emails and phone numbers “not so they can publish a phone book” but to launch the next layer of fraud. With enough personal details in hand, scammers could impersonate trusted entities or even the victims themselves, attempting identity theft, phishing scams, or fraudulent account recovery requests.
In past Australian breaches (such as the Optus and Medibank incidents in 2022), stolen data has been used as leverage for ransom or sold on dark web forums to facilitate fraud. Qantas acknowledges the uncertainty and concern this incident may cause for customers.

Qantas responds
Qantas Group CEO Vanessa Hudson has apologised to those affected and stated that the breach was detected on Monday and contained by early Wednesday.
“We recognise the uncertainty this will cause… our customers trust us with their personal information and we take that responsibility seriously.”
Vanessa Hudson, CEO Qantas Group
The airline affirmed that operations and safety were not affected by the cyberattack. Unlike some other high-profile hacks, the attackers in this case have not issued a ransom demand, according to Qantas, and the company has not paid any ransom (consistent with Australian government guidance not to pay cyber ransoms).
Qantas has brought in external cybersecurity experts to review the incident and bolster defences. The airline is collaborating with the Australian government’s National Cyber Security Coordinator, the Australian Cyber Security Centre (ACSC), and cybersecurity firm CyberCX to analyse the breach and improve safeguards.
Qantas also notified federal authorities, including the Office of the Australian Information Commissioner and the Australian Federal Police.

Contacts for affected customers
A dedicated customer support line has been established to assist affected individuals, and the airline is proactively contacting customers whose data was stored in the compromised system. If affected, you should have received some kind of contact already. I’ve received two emails: one is a general statement about the hack, and the second one indicates that my personal information was likely accessed during the breach.
‘Regular updates will be available on our dedicated webpage. We’ve also established a dedicated support line for affected customers on 1800 971 541 or +61 2 8028 0534, with access to specialist identity protection advice and resources through this team.’
Email to affected customers from Qantas
This cyberattack is a blow to Qantas as it works to rebuild trust after previous public relations issues. Hudson, who became CEO in 2023, has spent two years trying to improve Qantas’ reputation following pandemic-era disruptions and customer dissatisfaction. So far in 2025, Qantas’ business had been recovering – its share price was up about 16% before the breach – but news of the hack sent Qantas shares down roughly 2% on Wednesday. The incident is also Australia’s most high-profile breach since 2022, when massive hacks at Optus and Medibank affected millions and prompted new cyber security laws. The government now expects companies to have robust internal protections rather than relying solely on third-party vendors for security, a point underscored by this attack.

How Qantas Customers Can Protect Themselves
In light of the Qantas breach, here are some important steps customers should take to protect their data and accounts:
- Be Wary of Scams and Phishing: Treat any unexpected call, SMS, or email referencing the Qantas breach with scepticism. Do not click on links in emails purporting to be from Qantas. Never divulge personal details over the phone to unsolicited callers. Scammers may impersonate Qantas representatives or other companies to exploit the situation. If you are in doubt, please contact Qantas directly using the official contact number or website.
- Monitor Your Accounts: Keep an eye on your Qantas Frequent Flyer account and other financial accounts for any unusual activity. Qantas has stated it will send notification emails if unusual login attempts are detected on frequent flyer accounts. If you receive such alerts or notice suspicious transactions (such as unexpected point redemptions), report them to Qantas immediately. It’s also wise to review your credit reports and bank statements in the coming months as a precaution.
- Stay Informed: Watch for further communications from Qantas about the breach. The airline is contacting affected customers with guidance and has set up a support line for inquiries. Follow any instructions provided by Qantas, such as steps to verify your identity or secure your account. Remain alert to news updates. If the investigation reveals that more sensitive data was compromised, you may need to take additional protective measures.
Although not advised by Qantas, you may take this opportunity to update your Qantas login details, especially if they are not unique and don’t use a strong password.

2PAXfly Takeout
Cyber experts underscore that vigilance is key in the aftermath of such incidents. Never reuse the same password across multiple services, and consider enabling any available multi-factor authentication for added security.
The Qantas hack highlights how even well-regarded companies can be breached through human factors. The lesson is that individuals must remain proactive about safeguarding their own personal data. By taking the precautions above and remaining vigilant to potential scams, you can minimise your risk. These steps will protect you from cyber fraud in the wake of this incident.