Zero Trust vital in cybersecurity strategies in wake of Qantas breach
Cybersecurity experts have highlighted the continued significance of personal information to cybercriminals and the varied threats posed by data exposures—even when the most sensitive financial information is not compromised.
The comments follow a major recent data breach at the Australian airline Qantas.
Qantas warned a "significant" amount of customer data was likely stolen from its records during a cyber attack this week.
The airline released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre.
It said six million customers had service records on this platform.
Qantas said it was investigating the proportion of the data that had been stolen, though it expected it would be "significant".
A Qantas spokesman said the majority of affected customers are Australian, but some are off-shore.
David Stuart, cybersecurity evangelist at Sentra, pointed to a phenomenon he describes as "data blindness."
He says, "While organisations have both a reason and obligation to protect all customer data, often only the most sensitive data is secured. In the Qantas case, it appears that passports, credit cards, and other very sensitive data were not impacted. However, general customer PII was, and it is feared that 6 million records were disclosed."
Stuart warns that even data such as names, email addresses, and frequent flyer numbers can, when combined, enable impersonation, fraud, or account takeover.
Stuart advocates for comprehensive monitoring of data activity and a proactive approach to identifying risk, rather than relying solely on securing the highest-value data. "Monitoring data activity for unusual patterns... is one method that has proven to provide early warning to such threats. Organisations must also be acutely aware of where their data resides—and its risk levels—so they can be proactive, not just reactive," he advises.
Rob Allen, Chief Product Officer at ThreatLocker, echoed the importance of adopting a Zero Trust model in cybersecurity strategies. "Zero Trust means to deny by default, allow by exception—regardless of if they're inside your network perimeter or not," Allen explains. He emphasises that conventional reactive approaches are insufficient in today's threat landscape.
Allen also provides practical guidance for individuals concerned about the effects of data exposures. He urges the use of strong, unique passwords, the implementation of multi-factor authentication, and a high degree of caution towards phishing attacks. "The more information that attackers have on you, the more convincing that they can make their phishing attacks," Allen warns.