Qantas Data Breach: What You Need to Know
If you’ve flown with Qantas recently, your personal information may be in the hands of cybercriminals. The Australian flag carrier confirmed that hackers linked to the notorious Scattered Spider group have leaked data belonging to nearly 6 million customers following a breach that originated in July 2025 .
How Did the Qantas Data Breach Happen?
The breach didn’t target Qantas directly—at least not at first. Instead, attackers exploited a vulnerability in a third-party booking platform used by the airline. This allowed them to siphon off a massive trove of customer records containing names, email addresses, and frequent flyer details .
While sensitive data like passport numbers, payment details, or passwords were not compromised, the exposure of contact information still poses serious risks, including phishing scams and identity theft.
Who’s Behind the Attack?
Cybersecurity researchers have tied the breach to a threat actor known as ScatteredLAPSUSHunters, a subgroup associated with the Scattered Spider collective—a group infamous for targeting major corporations through social engineering and supply chain attacks .
The group claimed responsibility for the breach and later published the stolen data online in early October 2025, weeks after Qantas first disclosed the incident in July .
Timeline of the Qantas Cyber Incident
| Date | Event |
|---|---|
| Early July 2025 | Initial breach occurs via third-party platform |
| July 17, 2025 | Qantas issues first public update, states no evidence of data misuse yet |
| October 7, 2025 | Hackers leak customer data online |
| October 8–12, 2025 | Qantas confirms data exposure and notifies affected customers |
What Should Affected Customers Do?
- Monitor your inbox for suspicious emails—especially those impersonating Qantas.
- Enable two-factor authentication (2FA) on your Qantas Frequent Flyer account.
- Avoid clicking unknown links in messages claiming to be from the airline.
- Check for official communications from Qantas via their verified website: qantas.com.
A Wake-Up Call for Aviation Cybersecurity
This incident underscores a growing trend: cybercriminals are increasingly targeting third-party vendors to reach major corporations. For Qantas, the breach wasn’t a failure of its own systems—but of a partner’s security posture .
As airlines digitize more services, the attack surface expands. Experts warn that without stricter vendor security audits, similar breaches could become routine across the aviation industry.
Qantas’ Response
The airline has launched an internal investigation, engaged external cybersecurity firms, and is cooperating with the Australian Cyber Security Centre (ACSC). They’ve also promised to improve third-party risk management protocols moving forward .
