JULY 2 – Qantas is contacting prospects after a cyber assault focused their third-party customer support platform.
On 30 June, the Australian airline detected “uncommon exercise” on a platform utilized by its contact centre to retailer the information of six million individuals, together with names, e mail addresses, telephone numbers, delivery dates and frequent flyer numbers.
Upon detection of the breach, Qantas took “quick steps and contained the system”, based on a press release.
The firm remains to be investigating the complete extent of the breach, however says it’s anticipating the proportion of knowledge stolen to be “important”.
It has assured the general public that passport particulars, bank card particulars and private monetary info weren’t held within the breached system, and no frequent flyer accounts, passwords or PIN numbers have been compromised.
Qantas has notified the Australian Federal Police of the breach, in addition to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
“We sincerely apologise to our prospects and we recognise the uncertainty this can trigger,” mentioned Qantas Group CEO Vanessa Hudson.
She requested prospects to name the devoted assist line if they’d considerations, and confirmed that there could be no impression to Qantas’ operations or the protection of the airline.
The assault comes simply days after the FBI issued an alert on X warning that the airline sector was a goal of cyber prison group Scattered Spider.
US-based Hawaiian Airlines and Canada’s WestJet have each been impacted by related cyber assaults previously two weeks.
BBC revealed that the group has additionally been the key focus of an investigation into the wave of cyber attacks on UK retailers, together with M&S.
The Qantas breach is the newest in a string of Australian knowledge breaches this yr, with AustralianTremendous and Nine Media struggling important leaks previously few months.
In March 2025, the Office of the Australian Information Commissioner (OAIC) launched statistics revealing that 2024 was the worst yr for knowledge breaches in Australia since information started in 2018.
“The traits we’re observing counsel the specter of knowledge breaches, particularly by means of the efforts of malicious actors, is unlikely to decrease,” mentioned Australian Privacy Commissioner Carly Kind in a press release from the OAIC.
Ms Kind urged companies and authorities companies to step up safety measures and knowledge safety, and highlighted that each the non-public and public sectors are susceptible to cyber assaults.
By BBC
