Qantas Airways has confirmed a significant cyber incident at one of its contact centres, resulting in the exposure of personal data belonging to up to six million customers.
The breach, which was detected on Monday, occurred when a cybercriminal gained unauthorized access to a third-party customer servicing platform used by a Qantas call centre.
Qantas responded swiftly, containing the compromised system and assuring the public that all core airline operations and safety protocols remain unaffected.
Initial investigations reveal that the compromised data includes customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
Importantly, no credit card details, personal financial information, or passport details were stored on the affected platform.
Qantas emphasized that frequent flyer accounts, passwords, PINs, and login credentials were not accessed during the incident.
Technical Details and Threat Actor Involvement
The attack was executed through a third-party platform compromise, a growing vulnerability as airlines increasingly rely on external vendors for customer service operations.
Cybersecurity analysts have linked the incident to the Scattered Spider threat group, known for targeting the aviation sector with sophisticated social engineering tactics.
These include impersonating IT staff to obtain employee passwords or multi-factor authentication (MFA) codes, allowing attackers to bypass security barriers and access sensitive systems.
The breach type is classified as a data breach via third-party platform compromise, with only the external contact centre system impacted—all internal Qantas systems remain secure.
The incident highlights the risks associated with supply chain attacks and underscores the necessity of robust access controls and continuous system monitoring.
Response, Customer Support, and Security Measures
Qantas has taken several steps in response to the breach:
- Immediate containment of the affected third-party system.
- Notification of the Australian Cyber Security Centre, Office of the Australian Information Commissioner, and the Australian Federal Police.
- Enhanced security protocols: Additional restrictions on system access, strengthened monitoring, and engagement with independent cybersecurity experts.
- Dedicated support line: Customers can call 1800 971 541 or +61 2 8028 0534 for identity protection advice and resources.
Customers with upcoming travel do not need to take any action, as flight operations and bookings are unaffected.
However, Qantas advises all affected individuals to remain vigilant for phishing attempts and to enable multi-factor authentication where possible.
The incident is now under active investigation, with Qantas pledging to keep customers informed through official channels as more information becomes available.
Technical Glossary:
- Data breach: Unauthorized access and retrieval of sensitive information.
- Third-party platform: An external system or service provider integrated into an organization’s operations.
- Social engineering: Manipulative tactics used by attackers to trick individuals into divulging confidential information.
- Multi-factor authentication (MFA): A Security process requiring multiple forms of verification to access an account.
- Supply chain attack: A Cyberattack targeting less-secure elements in an organization’s supply network.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?resize=1600,900&ssl=1&description=The breach, which was detected on Monday, occurred when a cybercriminal gained unauthorized access to a third-party customer servicing platform used by a Qantas call centre.){kind=link}