Qantas is alerting customers after detecting a cyber attack on a third-party customer service platform used by its contact center. The airline identified malicious activity on a system that stores personal information for approximately six million individuals, including names, email addresses, phone numbers, birth dates, and frequent flyer numbers. The volume of data accessed is expected to be “significant.”

Qantas has reported the breach to the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner. CEO Vanessa Hudson issued a public apology, acknowledging the uncertainty the breach may cause and encouraging concerned customers to reach out via a dedicated hotline.

The breach adds to a growing list of recent cybersecurity incidents within the aviation industry and in Australia more broadly, with similar attacks recently affecting Hawaiian Airlines, WestJet, and major Australian organizations like AustralianSuper and Nine Media. Authorities have linked many of these attacks to the cybercriminal group Scattered Spider, which is under investigation for a string of global breaches.

This event highlights the critical importance of proactive cybersecurity measures, especially when handling large volumes of public and customer data. Organizations must strengthen defenses, conduct regular third-party risk assessments, and ensure rapid threat detection and response to prevent costly breaches. Inadequate protections not only expose sensitive information but can also lead to lasting reputational damage, legal liabilities, and erosion of public trust. Being a responsible steward of data means investing in cybersecurity before incidents occur, not just responding after the fact. Read more about this story on our LinkedIn page