The Qantas Cyber Attack: Why Are Airlines So Vulnerable?

Australian airline Qantas has fallen victim to a cyberattack on its third-party customer service platform, leading to the exposure of personal data belonging to around six million of its customers.
The breach was first noticed by the airline on 30 June, when unusual activity was detected within their contact centre operations system.
While immediate measures were taken to contain the breach, investigators suspect the cybercriminals have succeeded in acquiring vast amounts of sensitive customer data.
What kind of data has been leaked?
The breach allowed cybercriminals to access customer information such as names, email addresses, phone numbers, birth dates and frequent flyer numbers of those who had engaged Qantas support services.
Importantly, the airline affirmed that the affected system did not house credit card details, personal financial information or passport details.
Additionally, frequent flyer account passwords, bank details and login credentials were safeguarded.
Aakin Patel, former Chief Information Security Officer at Harry Reid Airport in Las Vegas, believes that airlines are particularly vulnerable.
"Airlines rely heavily on call centres for a lot of their support needs," meaning that they are "a likely target for groups like this," he told CNN following the attack.
Qantas' response
Vanessa Hudson, CEO of Qantas Group, has released a statement on the company's website addressing the breach.
"We sincerely apologise to our customers and we recognise the uncertainty this will cause," she says.
Crucially, she confirms that the breach will not impact Qantas flight operations or the airline's safety systems.
In response, Qantas has established a dedicated customer support line and has set up a webpage to keep customers informed about the breach.
Cooperation with the authorities
In addressing the cyberattack, Qantas has informed several Australian authorities, such as the Australian Federal Police and the Australian Cyber Security Centre.
The airline is also working in collaboration with the Federal Government's National Cyber Security Coordinator and independent cybersecurity experts to assess the breach's scope.
As part of its response, the airline plans to enhance its security protocols by limiting system access and intensifying its monitoring capacities.
Why cybercriminals are targeting airlines
The attack on Qantas is part of a broader trend impacting the aviation sector.
With increased cyber threats directed at airlines, entities such as the FBI have identified the cybercrime group Scattered Spider as a notable threat.
Other airlines like Hawaiian Airlines and Canada's WestJet have also faced similar attacks recently, highlighting a rising trend in cyber threats within the industry.
Jeffrey Troy, CEO of Aviation ISAC, says: "Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geopolitical tensions around the world."
A record year for cybercrime
This incident with Qantas adds to a list of notable data breaches Australia has faced in 2025.
Companies like AustralianSuper and Nine Media have similarly suffered significant data leaks.
According to the Office of the Australian Information Commissioner, 2024 marked a severe year for data breaches.
Privacy Commissioner Carly Kind says: "The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish."
Elliot Dellys, CEO of Australian cybersecurity firm Phronesis Security, believes that Scattered Spider's unconventional structure makes it hard for authorities to bring the group to justice.
"Rather than being composed of a centralised command and control structure like Russian ransomware groups, it is believed to be composed of a disparate group of young hackers living in the United States and United Kingdom," he explains.
"This makes effective action by law enforcement to take down the group, and its infrastructure, difficult to coordinate and execute.
"If this incident is the result of a third-party compromise, it adds to an increasing list of major Australian organisations that have done their utmost to secure data, just to have it exposed via a third party."




