Qantas Breached and Customers are Fuming
Posted: Wednesday, Jul 02
Karissa Breen, crowned a LinkedIn ‘Top Voice in Technology’, is more commonly known as KB. A serial entrepreneur who co-founded the TMFE Group, a holding company and consortium of several businesses all relating to cybersecurity, including an industry-leading media platform, a marketing agency, a content production studio, and the executive headhunting firm MercSec. KBI.Media is an independent and agnostic global cyber security media company, with KB at the helm of the journalism division. As a Cybersecurity Investigative Journalist, KB hosts her flagship podcast, KBKast, interviewing cybersecurity practitioners around the globe on security and the problems business executives face. It has been downloaded in 65 countries with more than 300K downloads globally, influencing billions in cyber budgets. KB asks hard questions and gets real answers from her guests, providing a unique, uncoloured position on the always evolving landscape of cybersecurity. As a Producer and Host of the streaming show 2Fa.tv, she sits down with experts to demystify the world of cybersecurity and provide genuine insight to business executives on the downstream impacts cybersecurity advancement and events have on our wider world.


Earlier today it was announced across mainstream media channels that Qantas suffered a data breach, affecting approximately six million customers. The breach was linked to a cyber attack targeting a third-party platform used by the prominent airline’s contact centre.

Exposed information includes names, email addresses, phone numbers, frequent flyer membership numbers, and possibly other data. Importantly, Qantas confirmed that no financial data or login passwords were compromised.

“Based on initial review, Qantas says that stolen data from this breach includes customer names, email addresses, phone numbers, birth dates and frequent flyer numbers. Because this breach just occurred, we don’t have the full extent of all of the data that may have been exposed as a result,” commented Satnam Narang, Senior Staff Research Engineer at Tenable.


“What we do know is that so far, it hasn’t been shopped for sale by any threat actors. There are indications that this bears a resemblance to attacks conducted by the threat actors collectively known as Scattered Spider. While recent attacks against airlines have been reported, none have been attributed to the hacking group thus far,” added Narang.

Scattered Spider is a cybercriminal group known for targeting enterprises, especially in North America, with sophisticated social engineering and identity-based attacks.

This incident follows a previous issue in May 2024, where a defect in the Qantas app allowed some users to view other passengers’ personal travel details, such as names, flight information, and frequent flyer status. Qantas attributed this to a caching issue and confirmed it was not a result of a cyber attack.

Customers of the airline took to X, formerly known as Twitter, to hit back at the airline’s apologies.


“For users whose personal information may have been exposed, the biggest risk is follow on social engineering attacks targeted against them. If passwords end up becoming part of the stolen data, then credential stuffing attacks, where attackers attempt to reuse stolen credentials on other sites, are likely to follow.”


“However, users should ensure they use strong and unique passwords on each site, but most importantly, be sure that multi-factor authentication (MFA) is enabled on sensitive accounts to prevent credential stuffing attacks from being successful.”

Over the coming weeks and months, users must remain vigilant. Any email that informs you that your flight has been delayed or changed, or that your personal information has been compromised, should be treated as untrusted until it has been verified through additional means.

This is a developing story, with new information still unfolding. KBI.Media expects to amend and expand this article as new details emerge.
