QANTAS: in hot water with government as hackers spill millions of customer records

Looks like the flying kangaroo has hopped into another mess. This time, it’s not delayed flights or tray service in Business Class, but something far more serious. As previously reported, hackers have now conducted a massive data breach, dumping personal information for almost 5.7 million Qantas customers onto the dark web.

And Cybersecurity Minister Tony Burke is livid.

“You can outsource parts of your business, but you don’t outsource the law.”

Translation? Just because the breach happened via a third-party provider (reportedly Salesforce), Qantas can’t shrug and say not our problem.

Another seating area at the Qantas Business Lounge at Adelaide Airport [Schuetz/2PAXfly]

What’s been leaked

Qantas says the stolen information includes names, addresses, phone numbers, email addresses, dates of birth and frequent flyer numbers, but not financial or passport details. Frequent flyer accounts themselves haven’t been compromised, though that’s probably little comfort to anyone now picturing their name on some hacker’s spreadsheet.

The culprits, calling themselves Scattered Lapsus$ Hunters, reportedly demanded a US$1 million ransom. When Qantas didn’t pay by last Friday (10 October 2025), they published the data online.

Qantas has since called in the Australian Cyber Security Centre, the Federal Police and some seriously caffeinated IT experts. It’s also secured a court injunction to limit further spread of the stolen data. This means others with access to the data on the dark web cannot re-publish it on traditional or new media, such as social media.

Government gets tough

Minister Burke’s message was clear: you can’t contract away your responsibilities. Whether the breach happened inside Qantas HQ or through a contractor’s system, the buck still stops with the airline.

Burke also hinted that very serious penalties could follow if regulators find that Qantas failed to protect customer data adequately. While he hasn’t yet turned his attention to compensation, you can bet the lawyers are sharpening their pencils.

The escalator through the circle and the flip board are timeless. Qantas First Lounge, Sydney [Schuetz/2PAXfly]

What travellers should do now

If you’re one of the millions caught up in this — and let’s face it, if you’ve flown Qantas since Alan Joyce was still in short pants, you probably are — here’s what to do:

  • Don’t panic, but do stay alert. Watch for suspicious emails, texts, or phone calls pretending to be Qantas or another trusted company.
  • If you get a call you weren’t expecting, hang up and call back using an official number. Scammers love to sound convincing.
  • Don’t try to find your data on the dark web. Yes, curiosity kills the cat — and could get you in trouble.
  • Change your passwords (especially if you reuse them elsewhere — naughty!).
  • Enable two-factor authentication on your Qantas Frequent Flyer account and any linked emails.

Burke also warned Australians that hackers are getting more sophisticated, using artificial intelligence to clone voices and run “vishing” scams — fake calls that sound eerily real. So, that ‘Qantas’ operator with the friendly tone and the hold music? Could be an AI con.

The bigger picture

This is just the latest in a line of high-profile data breaches to hit Australia — remember Optus, Medibank, and Latitude? Now it’s Qantas’ turn in the penalty box.

The government has already toughened cyber laws, and you can expect more scrutiny. Expect them to up penalties to an eye-watering level.

For travellers, though, it’s another reminder that in 2025, loyalty programs don’t just hold your points — they hold data on your personal life.

Entrance to the Qantas lounge precinct at Adelaide Airport [Schuetz/2PAXfly]

2PAXfly Takeout

Qantas seriously needs to tighten its seatbelts on cybersecurity. A few patches and press releases are just not enough to rebuild trust these days.

In the meantime, check your inbox, secure your accounts, and remember: when it comes to dodgy calls, hang up, don’t hook up. Advisors say that you shouldn’t even answer any questions, however innocent. Each fact you give those callers is another piece of data they can attach to your identity.

My practice these days is to politely respond to cold callers who ask if I have solar panels by simply being honest. I say, ‘I’m not going to answer your questions, and please remove my contact details from your database.’ I doubt they will implement my request, but at least I tried.
