Highlights
Qantas Airways reports data breach involving external customer service platform
Millions of customer records exposed, including frequent flyer information
Incident adds to mounting cybersecurity concerns across Australia’s corporate sector
Qantas Airways (ASX:QAN), a key component of the ASX 100, has reported a cybersecurity breach involving a third-party customer service platform. The airline disclosed that the compromised system exposed personal data tied to a substantial portion of its customer base. The breach was detected at the end of June, prompting a swift response from the carrier.
Although the platform’s access has been secured, the scope of the breach remains substantial, with names, contact details, dates of birth, and frequent flyer numbers believed to be among the exposed data. The airline has confirmed that sensitive information such as passport numbers, payment credentials, and account passwords were not compromised.
Scattered Spider Group Linked to Rising Threats Against Airlines
The breach has been attributed to a broader campaign involving the group referred to as Scattered Spider, a cyber entity previously flagged by international security agencies. This group has been noted for targeting high-profile institutions, with the aviation sector being a notable focus in recent alerts.
In response to the Qantas incident, relevant Australian cyber authorities and law enforcement have been notified. Internal investigations are ongoing to determine the full extent of the breach and to reinforce existing digital frameworks.
Airline Operations and Flight Systems Remain Secure
Despite the exposure of customer data, Qantas has clarified that no core operational systems or flight safety functions were impacted. The carrier continues to operate normally across domestic and international routes, with all critical systems functioning as expected.
Qantas stated that the affected external platform was isolated from its primary IT infrastructure. Measures are being implemented to bolster the security of third-party integrations and prevent recurrence of similar incidents.
Calls for Stronger Cyber Measures Across Public and Private Sectors
This event adds to a growing list of high-profile cyber incidents affecting major Australian corporations in recent times. The frequency and scale of such breaches have prompted increased calls for heightened cybersecurity measures across both government and commercial sectors.