Qantas Airways is grappling with a serious data breach after a cyberattack compromised the personal information of approximately six million customers. On June 30, the airline detected "unusual activity" on its contact center’s third-party service platform, leading to concerns about data security. According to a company press release, the breach includes names, email addresses, phone numbers, birth dates, and frequent flyer numbers, yet it reassured customers that sensitive information such as passport details, credit card information, and personal financial data was not affected.
In response to the breach, Qantas took immediate action to contain the situation and has since been cooperating with law enforcement agencies, including notifying the Australian Federal Police and the Australian Cyber Security Centre. Qantas Group CEO Vanessa Hudson extended an apology to customers and encouraged anyone with concerns to reach out to a dedicated support line. She emphasized that there would be no impact on the airline's operations or safety.
The timing of this breach is particularly alarming as it follows a recent FBI alert indicating that the airline industry is increasingly targeted by cybercriminals, especially the group Scattered Spider. Other airlines, such as Hawaiian Airlines and Canada’s WestJet, have faced similar attacks in the past weeks.
This incident forms part of a broader trend, as Australia has experienced a significant rise in data breaches this year. Previous attacks have affected organizations like AustralianSuper and Nine Media. Notably, the Office of the Australian Information Commissioner revealed that 2024 was the worst year for data breaches since 2018. Australian Privacy Commissioner Carly Kind urged both private and public sectors to enhance security measures in the face of escalating cyber threats.
