Qantas confirms data breach impacting 5.7 million travelers
In a recent cyber incident, Australian airline Qantas confirmed that approximately 5.7 million passengers' personal data were compromised in a breach that occurred in June 2025. The stolen data included names, email addresses, frequent-flyer numbers, dates of birth, phone numbers, genders, and meal preferences. However, Qantas officials assured that no sensitive personal or financial information, such as credit card numbers or passport data, were accessed.
The suspected perpetrators behind this attack are the Scattered Spider cybercrime group, known for their social-engineering tactics. Although official attribution has not been confirmed, the attack is linked to a broader spree of cyberattacks attributed to Scattered Spider. It's important to note that Scattered Spider is notorious for exploiting third-party platforms and helpdesk systems to target various organisations, including airlines.
In a related development, Mandiant researchers reported on the activities of UNC6040, a threat group that targets Salesforce instances for social-engineering attacks and extortion. UNC6040 has overlaps with The Com, an underground collective with ties to Scattered Spider. Salesforce had warned about such attacks as early as March this year.
For the specific incident in June 2021, no information is available regarding the threat group involved.
In response to the attack, Qantas has taken steps to enhance its internal security to prevent a similar incident. The airline is also reaching out to customers to notify them about the specific data held in the compromised systems and is offering additional support services.
It's crucial for Qantas passengers to be vigilant against fraudulent calls or messages claiming to represent Qantas. The airline advises passengers to exercise caution and verify the authenticity of any communication before providing personal information.
At the time of writing, there is no evidence that the stolen data has been leaked online. Qantas continues to monitor the situation closely and urges customers to stay informed about any updates regarding their personal data.
Cybersecurity experts are closely monitoring the Scattered Spider cybercrime group, the suspected perpetrators behind the cyber incident at Qantas, as the attack is linked to a broader spree of attacks attributed to this group. In the realm of general-news and crime-and-justice, it's essential for technology companies like Qantas to prioritize cybersecurity to protect customer data from such threats.
