Qantas contact centre hit by ‘significant’ cyber incident

Qantas has confirmed that a cyber incident has been contained in one of its contact centres, impacting customer data.
In a statement, the company advised, “On Monday 30 June 2025, we detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the incident. We can confirm all Qantas systems remain secure.”
The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform.

Tony Jarvis, Darktrace Field CISO and VP APJ, has informed ACSM that the initial reports on Qantas’ cyber breach show many hallmarks of the Scattered Spider ransomware group, which claimed responsibility for attacks against America’s Hawaiian Airlines and Canada’s Westjet last week, and the crippling attack against Marks & Spencer in the UK in April.

Scattered Spider are thought to be native English speakers who don’t just exploit technical vulnerabilities but manipulate people, especially IT help desks, through phishing, multi-factor authentication (MFA) bombing, and SIM swapping to gain access.

“The unfortunate thing is that this sort of third-party attack is not unique,” according to Jarvis. “It is just one more example of why cybersecurity is a fundamental business priority across the entire supply chain – especially when defending against highly targeted tactics that bypass traditional security measures.

“How significant the impact will be to Qantas’ operations – across both digital and physical channels – and the damage to its brand and reputation remains to be seen.”

In an update, Qantas confirmed it is continuing to investigate the proportion of the data that has been stolen, but stated, “we expect it will be significant.” An initial review has confirmed the data includes some customers’ names, emails, phone numbers, dates of birth and Frequent Flyer numbers.
Qantas has confirmed the data does not include credit card details, personal financial information or passport details, as these are not held in the affected system. No Frequent Flyer accounts were compromised, nor have passwords, PIN numbers, or login details been accessed.
Qantas advised it is taking the incident extremely seriously and is working with government agencies and independent specialised cyber security experts: “We will continue to support these agencies as the investigation continues.”
“We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available. We want to reassure all of our customers that there is no impact to Qantas’ operations or the safety of our airline.”