Qantas Data Breach Compromises Up to Six Million Customer Records in Major Cybersecurity Incident

Qantas, Australia's flagship airline, has confirmed a significant data breach impacting the personal information of up to six million customers. The breach, detected on 30 June 2025, involved a third-party platform used by the airline's customer service centre and has raised new concerns over cybersecurity in the aviation sector.

According to a statement from Qantas, "unusual activity" was identified on the platform, which stores sensitive personal information including names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Upon detection, the airline took immediate steps to contain the incident and isolate the affected system.

While the full scale of the breach is still under investigation, Qantas has admitted that the volume of data compromised is expected to be "significant." However, the airline has reassured customers that no financial data, credit card details, passport numbers, or frequent flyer passwords were stored on the compromised system.

The company has notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC). Customers potentially affected by the breach are being contacted directly, and Qantas has established a dedicated support line for inquiries.

Despite the breach, Qantas emphasized that flight operations and passenger safety remain unaffected.

This incident comes amid growing concerns about cybersecurity in the airline industry. Just days prior, the FBI issued an alert warning that aviation companies are being actively targeted by Scattered Spider, a cybercriminal group believed to be behind recent attacks on Hawaiian Airlines and Canada's WestJet.

The same group has also been linked to a wider wave of attacks on major UK retailers, including Marks & Spencer (M&S).

The Qantas breach is one of several high-profile incidents to hit Australian organizations in 2025. Other victims include AustralianSuper and Nine Media, adding to what experts are calling an escalating national cybersecurity crisis. The OAIC recently released figures revealing that 2024 was the worst year on record for data breaches in Australia since statistics began in 2018.

With cyber attacks becoming increasingly sophisticated and frequent, the Qantas incident underscores the urgent need for heightened digital security across essential industries-especially those handling sensitive consumer information on a global scale.