July 5, 2025
Qantas has confirmed a major data breach potentially affecting up to six million customers, soon after the FBI warned that the cybercriminal group Scattered Spider had begun targeting the aviation industry.
Just days after the FBI issued a cybersecurity alert warning that the hacking group Scattered Spider had shifted its focus to the aviation sector, Australian airline Qantas has confirmed a data breach that could affect up to six million customers. According to a July 2 statement from Qantas, a cybercriminal infiltrated a third-party call center and gained unauthorized access to a customer servicing platform.
The compromised data includes names, email addresses, dates of birth, and frequent flyer details.
Qantas reports that no credit card or passport information was exposed in the data breach.
The airline stated that it acted promptly upon detecting the breach on July 1, containing the threat and confirming that its core systems remain secure.
“There is no impact to Qantas’ operations or the safety of the airline,” the company stated.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” Qantas Group CEO Vanessa Hudson expressed.
The breach occurred soon after the Federal Bureau of Investigation warned the public that Scattered Spider was now using social engineering tactics to breach aviation networks.
Scattered Spider is a hacking group previously known for targeting retail and insurance companies.
“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” a spokesperson said.
Experts have raised concerns that such breaches disproportionately impact marginalized communities.
Marginalized groups, such as people of color, low-income families, veterans, immigrants, and individuals with disabilities, often rely heavily on services like healthcare and financial aid, all of which tend to be compromised in cyberattacks.
According to the Sustainability Directory, in healthcare-related breaches, for example, Medicaid recipients and other Black populations are frequently among the hardest hit.
Similarly, communities already facing economic instability are more susceptible to identity theft and credit fraud when their data is exposed.
Ross Brewer, vice president at cybersecurity firm Graylog and a Qantas frequent flyer, said the incident underscored the need for better digital protections.
“While it’s reassuring to know that no passwords, financial data, or identity documents were compromised,” Brewer said.
Brewer continued, “The incident serves as a stark reminder of the importance of robust logging and monitoring practices in cybersecurity.”
Former FBI cybercrime agent Adam Marrè, now with Arctic Wolf, emphasized the broader lesson: “This attack should serve as another reminder of the need for businesses to assess cyber defenses internally and across supply chains.”
He advised that consumers should constantly be vigilant and treat every communication from their airlines — like Qantas — with caution.
RELATED CONTENT: Time To Change Those Passwords After Largest Data Breach In History
