Qantas Data Breach 2025: Up to 6 Million Customer Records Exposed in Cyber Attack

Jul 8, 2025

Executive Summary

On June 30, 2025, Qantas Airways, Australia’s flagship airline, identified a significant data breach involving a third-party customer service platform. The breach potentially exposed the personal data of up to six million individuals. While operational impacts were avoided and sensitive financial information remains secure, Qantas has acknowledged that the scale of the breach is likely to be substantial.

Incident Overview

Qantas detected “unusual activity” within a third-party platform used by its contact centre. Upon discovery, the airline acted swiftly, taking containment measures to prevent further unauthorized access. The compromised system stored sensitive personal information including:

  • Full names

  • Email addresses

  • Phone numbers

  • Dates of birth

  • Frequent flyer numbers

Fortunately, the breach did not involve the compromise of passport data, credit card information, or any credentials like passwords or PINs related to frequent flyer accounts.

Scope and Impact

The breach has affected up to six million individuals. While the complete extent of the data accessed is still under investigation, Qantas expects the amount of data stolen to be significant.

There is no operational disruption reported for Qantas, and flight safety remains uncompromised.

Response Actions

Qantas has taken the following actions in response to the incident:

  • Immediate system isolation and containment measures.

  • Notified relevant authorities, including:

    • Australian Federal Police

    • Australian Cyber Security Centre (ACSC)

    • Office of the Australian Information Commissioner (OAIC)

  • Launched a dedicated customer support line for affected individuals.

  • Initiated an internal investigation to understand the breach's scope and origin.

Qantas Group CEO Vanessa Hudson issued a public apology and acknowledged the uncertainty caused by the breach.

Threat Actor Attribution

Although no specific group has claimed responsibility for this attack, the timing coincides with a broader FBI warning regarding cyber threats targeting the airline industry, particularly from the group known as Scattered Spider. This group has recently been linked to cyber attacks against other airlines such as Hawaiian Airlines and Canada’s WestJet, as well as major UK retailers.

Broader Context

The Qantas breach is part of a rising trend of high-profile cyber incidents in Australia. Other recent victims include:

  • AustralianSuper

  • Nine Media

According to the OAIC, 2024 was the worst year on record for data breaches in Australia. The Australian Privacy Commissioner, Carly Kind, emphasized the need for enhanced cybersecurity frameworks and warned that both private and public sectors remain highly vulnerable.

ClearPhish Insights

This breach reinforces key trends observed in 2025:

  • Third-party vendors remain a critical weak point in corporate cybersecurity.

  • Airline and transportation sectors are high-value targets due to the volume and sensitivity of customer data.

  • Organizations must adopt zero trust principles, including access control, real-time monitoring, and third-party risk management.

ClearPhish recommends enterprises conduct thorough audits of all external platforms and vendors handling sensitive data, and to have a robust incident response plan in place.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries
Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries
Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries
Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries

Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries

Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries

Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries

Payroll Pirate Attacks: Storm-2657 Hijacks University Workday Accounts to Steal Salaries

Oct 10, 2025

New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign
New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign
New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign
New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign

New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign

New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign

New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign

New Android Spyware “ClayRat” Masquerades as WhatsApp, TikTok & YouTube in Global Espionage Campaign

Oct 10, 2025

CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities
CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities
CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities
CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities

CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities

CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities

CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities

CISA Urges Immediate Patching as ArcaneDoor Hackers Exploit Three Cisco Zero-Day Vulnerabilities

Sep 26, 2025

Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard
Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard
Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard
Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard

Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard

Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard

Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard

Cyberattack Grounds Flights Across European Airports: Heathrow, Brussels, Berlin Hit Hard

Sep 22, 2025

Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign
Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign
Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign
Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign

Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign

Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign

Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign

Fake Meta “Account Suspension” Emails Deliver StealC Malware via FileFix Phishing Campaign

Sep 19, 2025

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack
ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

ShinyHunters Breach Exposes 1.5 Billion Salesforce Records via Drift OAuth Hack

Sep 18, 2025

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.