Qantas Breached and Customers are Fuming

Posted: Wednesday, Jul 02

KBI.Media
$
Qantas Breached and Customers are Fuming

Karissa Breen, more commonly known as KB, is crowned a LinkedIn ‘Top Voice in Technology’, and widely recognised across the global cybersecurity industry. A serial entrepreneur, she is the co-founder of the TMFE Group, a portfolio of cybersecurity-focused businesses spanning an industry-leading media platform, a specialist marketing agency, a content production studio, and the executive headhunting firm, MercSec. Now based in the United States, KB oversees US editorial operations and leads the expansion of the group’s media footprint across North America, while maintaining a strong presence in Australia, and the broader global market. She is the former Producer and Host of the streaming show 2Fa.tv, and currently sits at the helm of journalism for the group’s flagship arm, KBI.Media, the independent cybersecurity media company. As a cybersecurity investigative journalist, KB hosts her globally-renowned podcast, KBKast, where she interviews leading cybersecurity practitioners, CISOs, government officials including heads-of-state, and industry pioneers from around the world. The podcast has been downloaded in over 65 countries with more than 400,000 global downloads, influencing billions of dollars in cybersecurity budgets. KB is known for asking the hard questions and extracting real, commercially relevant insights. Her approach provides an uncoloured, strategic lens on the evolving cybersecurity landscape, demystifying complex security issues and translating them into practical intelligence for executives navigating risk, regulation, and rapid technological change.

i 3 Table of Contents

Qantas Breached and Customers are Fuming

From Karissa Breen

Earlier today it was announced across mainstream media channels that Qantas suffered a data breach, affecting approximately six million customers. The breach was linked to a cyber attack targeting a third-party platform used by the prominent airline’s contact centre.

Exposed information includes names, email addresses, phone numbers, and frequent flyer membership numbers, and possibly other data. Importantly, Qantas confirmed that no financial data or login passwords were compromised.

“Based on initial review, Qantas says that stolen data from this breach includes customer names, email addresses, phone numbers, birth dates and frequent flyer numbers. Because this breach just occurred, we don’t have the full extent of all of the data that may have been exposed as a result.” Commented Satnam Narang, Senior Staff Research Engineer at Tenable.

We sincerely apologise to customers impacted by a recent cyber incident that occurred in one of our contact centres. The system is now contained.

We’re currently contacting customers to make them aware of the incident, apologise and provide details on support available to them.…

— Qantas (@Qantas) July 2, 2025

Source: X

“What we do know is that so far, it hasn’t been shopped for sale by any threat actors. There are indications that this bears a resemblance to attacks conducted by the threat actors collectively known as Scattered Spider. While recent attacks against airlines have been reported, none have been attributed to the hacking group thus far.” Added Narang.

Scattered Spider is a cybercriminal group known for targeting enterprises, especially in North America, with sophisticated social engineering and identity based attacks.

This incident follows a previous issue in May 2024, where a defect in the Qantas app allowed some users to view other passengers’ personal travel details, such as names, flight information, and frequent flyer status. Qantas attributed this to a caching issue and confirmed it was not a result of a cyber attack.

Customers of the airline took to X formerly known as Twitter to hit back online against the airline’s apologies.

😂😂 pic.twitter.com/oxfRv9Cmoc

— Open the Pod 🇦🇺✈️✈️🐭 (@AirBo55) July 2, 2025

Source: X

“For users whose personal information may have been exposed, the biggest risk is follow on social engineering attacks targeted against them. If passwords end up becoming part of the stolen data, then credential stuffing attacks, where attackers attempt to reuse stolen credentials on other sites, are likely to follow.”

It’s time to stop out sourcing and putting customers before obscene profits . #qantas #anotherfailure @AlboMP it’s time to make companies accountable for thier failed cyber security.

— Julie (@Jp88Julie) July 2, 2025

Source: X

“However, users should ensure they use strong and unique passwords on each site, but most importantly, be sure that multi-factor authentication (MFA) is enabled on sensitive accounts to prevent credential stuffing attacks from being successful.”

Over the coming weeks and months, users must remain vigilent. Any email that informs you that your flight has been delayed or changed, or your personal information has been compromised should be considered as untrusted information without additional verification.

This is a developing story with new information or developments still unfolding. KBI.Media is expecting to ammend and expand this article as new details emerge.