Qantas Confirms Major Data Breach Linked to Third-Party Vendor

Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.

The breach was discovered on July 1 2025 when the airline’s cybersecurity team flagged suspicious activity on systems run by an external contact centre provider. Initial estimates, as per Qantas’ press release, indicate that records for up to six million customers may have been exposed, including names, email addresses, phone numbers, dates of birth and frequent flyer numbers. Qantas says no financial data, passwords or passports were affected.

While the company contained the breach quickly, cybersecurity analysts warn this attack fits a pattern that has hit multiple airlines in recent weeks. Security firms and US federal agencies are pointing to the hacking group known as Scattered Spider, which is suspected to be behind similar incidents targeting Hawaiian Airlines ...