Qantas Airways has suffered one of Australia’s largest data breaches in recent years, after a hacker infiltrated a third-party customer service platform and accessed sensitive personal information of up to six million customers. The airline confirmed the breach in a statement on Wednesday, calling it a major security incident as it continues efforts to restore public trust after previous reputational setbacks.
According to Qantas, the hacker gained access via a call centre system, compromising data including names, email addresses, phone numbers, birth dates, and frequent flyer numbers. While the airline has not disclosed the exact location of the breached call centre or the geographic scope of affected customers, it said the breach was discovered after detecting unusual activity, prompting immediate containment actions.
Also Read: Punjab Launches Cyber Patrol Cell to Curb Online Hate During Muharram
“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” Qantas stated. The airline added that there has been no impact on flight operations or passenger safety.
The breach comes amid growing concerns over coordinated cyberattacks on global airlines. Just last week, the FBI warned that the cybercrime group Scattered Spider had been targeting aviation companies, with Hawaiian Airlines and WestJet already reporting similar incidents. While Qantas has not officially attributed the breach to any group, experts suspect familiar tactics may have been used.
“Given the scale and coordination, it’s plausible this is part of the same playbook,” said Mark Thomas of Arctic Wolf. Charles Carmakal, CTO at Google-owned cybersecurity firm Mandiant, advised global airline operators to remain vigilant against social engineering attacks.
Following the breach announcement, Qantas’ shares fell 2.4% in afternoon trading, underperforming a broader market rise of 0.8%.