Locations Affected: Australia
On 01 July, Australia’s flag carrier Qantas Airways confirmed a cyberattack on one of its customer call centres. The breach occurred on 30 June and potentially led to the leak of personal data for up to six million customers, making it one of the largest data breaches in Australia in recent years. Qantas has confirmed that the system affected by the breach has been contained and secured, and that there was no impact on flight operations or safety systems.
Type of Data Compromised and Investigation Into the Attack
Since 28 May, tensions have risen along the Thailand–Cambodia border after a military clash in the disputed area between Cambodia’s Preah Vihear Province and Thailand’s Ubon Ratchathani Province. Prime Minister Paetongtarn has faced criticism for her handling of the situation. Discontent grew further after a leaked 15 June phone call with former Cambodian leader Hun Sen, in which Paetongtarn was heard criticizing a senior Thai military official and was perceived to be conciliatory toward Hun Sen. Protestors argue this conversation undermined confidence in Thailand’s military.
Type of Data Compromised and Investigation Into the Attack
- The compromised data includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. However, frequent flyer accounts were not accessed, and financial information, such as credit card numbers, passwords, and PINs, was not compromised, as it was not stored in the affected system.
- The airline has launched a formal investigation into the scale and nature of the attack, with assistance from cybersecurity experts, the Australian Cyber Security Centre, the National Cyber Security Coordinator, and the Australian Federal Police. The Office of the Australian Information Commissioner has also been notified, as per data breach regulations.
- Qantas has set up a dedicated support line to offer guidance and has begun directly contacting affected customers.
- No confirmation has been made regarding the identity of the culprits. However, some reports suggest similarities between the attack on Qantas and previous attacks by the cybercriminal group Scattered Spider. On 28 June, the United States Federal Bureau of Investigation issued an alert warning that the aviation sector was being targeted by the group.
Outlook on the Situation
Australia has seen a sharp rise in cyberattacks targeting critical sectors, including telecommunications, healthcare, and more recently, aviation. According to the Office of the Australian Information Commissioner (OAIC), reported data breaches under the mandatory notification scheme increased by 25 percent year-on-year in 2024.
The aviation sector has become an increasingly attractive target due to its reliance on legacy IT systems, large volumes of passenger data, and extensive third-party service providers. Recent incidents have involved the potential exposure of personal information such as names, contact details, travel records, and loyalty program numbers. These breaches raise concerns about the misuse of sensitive data through phishing, identity theft, or social engineering—especially for frequent flyers and high-value travellers.
As the industry faces heightened regulatory expectations, organisations are under growing pressure to improve vendor risk management, strengthen incident response plans, and ensure compliance with evolving data protection standards. Businesses are advised to assess the cybersecurity posture of their travel management systems and reinforce controls around employee travel data.
Updates related to any confirmed breach should be monitored through official channels.
