Cyberattackers Target Airlines: Qantas Suffers from Widespread Cyber Incident

Cybercriminals who targeted casinos last year are now turning their sights on airlines, with millions of Australia’s Qantas customers caught in the latest breach.

Australia’s Qantas Airways said Wednesday that a cyberattack exposed personal data belonging to around six million customers, after a criminal gained access to a third-party platform used by one of its airline contact centers. The airline said the compromised system has since been contained and that its flight operations remain unaffected.

The disclosure comes just days after the FBI warned that cybercriminal group Scattered Spider had begun targeting the airline sector. “These actors rely on social engineering techniques… to deceive IT help desks into granting access,” the bureau said in a post on X, noting the group often bypasses multi-factor authentication and exploits trusted vendors. The FBI said any entity in the airline ecosystem, including contractors, could be at risk.

Qantas said it detected “unusual activity” on June 30 and quickly secured the affected platform, which is not part of its main IT systems. “We sincerely apologise for this incident and recognise the uncertainty it may cause,” the airline said. 

An initial review however found that the stolen data includes names, email addresses, phone numbers, dates of birth and frequent flyer numbers. However, Qantas stressed that no credit card or bank information, passports, or login credentials were accessed.

The airline is now directly contacting affected customers and offering support.

Qantas added it is working with government agencies and independent cybersecurity experts as the investigation continues, and it has introduced tighter access controls and improved monitoring.

Cybersecurity expert Dr. Hammond Pearce of UNSW Sydney told Australian media that the data exposed—names, birth dates, email addresses and phone numbers—could have “devastating consequences.”

Dr. Pearce warned that the combination of personal details “may pave the way for a future ‘downstream attack’” by hackers seeking to impersonate customers and access services or open new accounts. “The biggest thing that we’re worried about is impersonation… where they [hackers] can pretend to be you with other businesses,” he said.

According to the FBI, Scattered Spider is a group of hackers known for targeting large corporations and their third-party IT providers. Last year, the same group attacked casinos and now appears to be shifting to the airline industry. 

Once inside a system, the group is known to install ransomware and demand payment, often after impersonating employees or help desk staff to gain access. In recent weeks, Hawaiian Airlines and Canada’s WestJet also reported similar breaches.