Qantas Airlines faces a massive storm as a significant data breach compromises up to six million customer profiles, demanding answers on data security.
At a Glance
● Qantas is investigating a major data breach that could affect up to six million past and present customers.
● The breach occurred via a third-party IT provider and was detected by the airline on June 30.
● Compromised data includes names, emails, phone numbers, dates of birth, and frequent flyer numbers.
● The airline has alerted Australian police and cybersecurity authorities and says more sensitive data like credit cards was not stolen.
A Massive Data Breach Hits Qantas
Qantas Airlines is grappling with a major cybersecurity crisis after discovering that the personal information of up to six million of its customers may have been compromised in a data breach.
The Australian national carrier announced on Tuesday, July 1, 2025, that it had detected the breach on Monday at a third-party IT provider.
The compromised data includes customers’ names, email addresses, phone numbers, dates of birth, and frequent flyer information. Qantas has stressed that more sensitive data, such as passport details, credit card numbers, and flight itineraries, was held on separate systems and was not accessed in the breach.
A Third-Party Failure
The breach did not occur on Qantas’s own main servers but rather at an external company that manages some of the airline’s customer communication systems. The incident highlights the vulnerabilities that exist within complex corporate IT supply chains.
Qantas CEO Vanessa Hudson issued a statement addressing the incident. “Our customers trust us with their personal information, and we take that responsibility seriously,” Hudson said, according to Reuters. “We are contacting our customers today, and our focus is on providing them with the necessary support.” The airline is working with the Australian Federal Police and the Australian Cyber Security Centre to investigate the breach.
Another Blow to a Battered Reputation
The data breach comes at a difficult time for Qantas, which has been working to rebuild its brand reputation after a series of post-COVID controversies. As reported by Al Jazeera, the airline faced scandals under former CEO Alan Joyce, including a high-profile case where it was found to have sold tickets for thousands of flights it had already canceled.
This latest crisis adds to the challenges facing Hudson as she attempts to restore public trust in the “Spirit of Australia.” The breach is also part of a wider trend of cyberattacks in the country. According to the Office of the Australian Information Commissioner, 2024 was Australia’s worst year on record for data breaches, while the FBI has warned that a cybercrime group known as “Scattered Spider” has been actively targeting major airlines.
ALERT—The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.… pic.twitter.com/gowmbsAbBY
— FBI (@FBI) June 27, 2025
