SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Locked shield over australian map with digital network lines cybersecurity
#
UC
#
Firewalls
#
Data Protection

Qantas cyberattack raises concerns for 6 million customers

Thu, 3rd Jul 2025
Author image
By Catherine Knowles, Journalist

Qantas Airways has confirmed it has fallen victim to a major cyberattack, potentially compromising the personal data of up to 6 million customers.

The breach, which is believed to have originated through a third-party platform used by the airline's contact centre, has drawn heightened concern over the exposure of sensitive passenger records during peak travel season.

Peak travel season makes airlines a top target

According to statements issued by airline representatives, the volume of data that may have been accessed is understood to be "significant", though the precise nature of the compromised information is still under investigation. The incident follows a series of similar attacks targeting airlines in the US and Canada, where the aviation sector's reliance on vast troves of sensitive personal and operational data, and its intricate network of technology partners, has left it vulnerable to increasingly sophisticated cybercriminals.

Jon Abbott, CEO of ThreatAware, stressed that the attack comes at a time when airlines are running at high demand. "This cyber incident just shows that, in peak travel season, as many airlines are running at high demand and full capacity, cybercriminals are ready to strike," Abbott said. "It follows a spate of attacks on other US and Canadian airlines, an industry which handles vast amounts of sensitive passenger and operational data and has a complex ecosystem of third party providers - all of which makes it susceptible to attacks from cybercriminals seeking to exploit any points of vulnerability."

Abbott emphasised the essential nature of cybersecurity fundamentals: "This comes down to the fundamentals of security from visibility of all endpoints, great cyber hygiene and robust user validation. This is a sector where trust, safety and operational uptime are everything. Protecting this critical infrastructure becomes increasingly challenging. However, it's vital the industry keeps pace - no matter where the attack originates from the impact and responsibility lies with the airlines."

Opportunistic targeting utilises social engineering

The methods used in this latest incident bear a striking resemblance to those employed by the Scattered Spider ransomware collective, which has previously targeted airlines and retail organisations in both the US and UK.

Brett Winterford, Vice President of Threat Intelligence at Okta, outlined the profile and tactics of the threat actors implicated in this and similar breaches. "This attack has all the hallmarks of a group of loosely affiliated individuals that collaborate and share their tradecraft in a forum called 'TheCom'," Winterford commented. He described the threat actors as "young, globally distributed but most often from Western countries", motivated both by profit and the aspiration of gaining notoriety among their peers.

Winterford added, "Their targeting is opportunistic. If they enjoy success against a target in any given industry, they'll rinse and repeat against similar organisations. We've observed this in attacks on the gaming sector, on the UK retail sector, on insurance and now in aviation." He further explained that these attackers focus on speed and are not deterred by the risk of being identified: "They often target the business process outsourcing (BPO) partners of their targets. Historically they have identified that account recovery flows present opportunities to compromise accounts that are otherwise well protected."

One key aspect highlighted by Winterford is the use of social engineering to breach organisations: "They are often observed tricking a helpdesk operator into resetting the credentials of a privileged user. On occasion, they will simply bribe the helpdesk operator into resetting the credentials of a privileged user." This approach underscores the ongoing risk posed by the human element in cybersecurity.

Cyber defences are only as strong as human teams

Rick Swancott, General Manager of Sales at Servers Australia, echoed the necessity of considering the human factor in digital defences. "While the cause of this breach is still being assessed, incidents like this highlight the need for a broad approach: cybersecurity isn't just about technology - it's about people too. Social engineering remains one of the most effective ways to bypass even the most secure systems. That's why educating both employees and third-party partners must be a core part of any security strategy. Awareness and vigilance at every level are essential to protecting customer data."

The breach at Qantas thus throws into sharp relief the multifaceted nature of today's cyber threats. As airlines and other critical infrastructure sectors continue to digitise and outsource key functions, security experts warn that investment in both technological solutions and comprehensive human-focused programmes is essential to safeguard customer trust and operational continuity.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Exclusive: Media.com helps verify users amidst Australia’s U16 social media ban
Networking as a financial catalyst: Unlocking true cost efficiency
Agentic AI surge in 2026 sparks fresh cyber security risks
AI-driven cyber threats spur surge in intel spending
TXP warns on low code, AI overload & supplier risk in 2026

Top stories

Keeper links identity security alerts into ServiceNow
Precision Group unites IT & ESG for SGP+S Level 3
Safe AI coaches staff to cut cyber attack errors
AI reshapes cyber threats as experts warn on automation
Tenable hack of Copilot AI agent exposes fraud risks