- Qantas suffered a cyberattack in early June 2025
- A radical investigation has now positioned the variety of affected people at 5.7 million
- Passwords and fee knowledge is protected, however crooks took names, addresses, and different PII
Qantas has confirmed delicate info on 5.7 million prospects was exfiltrated within the latest cyberattack it suffered.
Australia’s largest airline mentioned it not too long ago noticed an intrusion after a menace actor focused a name heart, and accessed a third-party buyer servicing platform. Initially claiming that six million folks had been affected, Qantas has now got here ahead with extra exact figures.
In a press launch revealed on the corporate’s web site, it mentioned the attackers took 4 million buyer names, e-mail addresses, and Qantas Frequent Flyer particulars. For the remaining 1.7 million, in addition they stole postal addresses, dates of delivery, telephone numbers, gender, and meal preferences.
Scattered Spider
Bank card particulars, private monetary info, passport particulars, in addition to passwords, PINs, and different login particulars, weren’t compromised, because the knowledge wasn’t even held by the corporate, Qantas confirmed.
It mentioned that it had began notifying affected prospects of the breach, and urged them to stay vigilant and independently confirm the identification of unsolicited callers.
The corporate didn’t say who the menace actors had been, or in the event that they tried to deploy any ransomware.
Nonetheless the incident shares many similarities with different assaults not too long ago made by the group referred to as Scattered Spider, a financially motivated hacking group recognized for concentrating on giant US corporations utilizing social engineering and SIM-swapping methods.
This group has not but claimed duty for this assault – however in latest weeks, a number of experiences have emerged of airways being hit by cyberattacks, with Hawaiian Airways confirmed struggling an assault and each WestJet and GlobalX struggling the identical destiny not too long ago too. The FBI even launched an advisory, warning US corporations about Scattered Spider actions.
At press time, there was no proof that the stolen knowledge was launched to the wild. Nonetheless, Qantas mentioned it continues “actively monitoring” the online, with the assistance of specialist cybersecurity specialists.
