The infamous hacking collective Scattered Spider seems to have struck again—this time, targeting the aviation industry. In the latest breach, Qantas, Australia’s flagship airline, has confirmed a significant data breach linked to one of its third-party contact centers. While Qantas has not confirmed who may be behind the attack, cybersecurity experts are saying the attack has all the markings of Scattered Spider.
The breach has exposed sensitive customer information, affecting potentially 6 million customers. This massive data compromise is raising alarms across the global aviation and cybersecurity communities.
In this blog, we uncover everything known so far about the Qantas Data Breach. We also take a critical look at Qantas’ response and what cybersecurity experts are saying about the attack and the airline’s Incident Response.
Qantas revealed on Monday, June 30, 2025 that it detected unusual activity on a third-party platform used by one of its contact centers. This platform stored service records for approximately 6 million customers. The airline confirmed that it now believes a “significant portion” of that data may have been accessed or stolen.
According to the airline, the compromised information includes:
Importantly, Qantas has stated that no credit card details, financial information, or passport data was stored on the compromised system. In addition, frequent flyer accounts, passwords, PINs, and login credentials appear to remain untouched as per the airline’s statement.
The exposed data, however, is more than enough to enable targetted phishing, social engineering, and identity theft attempts. These, as seen in earlier attacks, are a core tactic in Scattered Spider’s playbook.
Qantas CEO Vanessa Hudson offered a public apology to affected customers, acknowledging the stress and uncertainty this incident has caused. “Our customers trust us with their personal information and we take that responsibility seriously,” she said in a statement.
The airline has begun issuing generic notifications to potentially impacted individuals and has promised more detailed communication as the investigation progresses.
Here’s what Amar Singh, CEO of Cyber Management Alliance and a definitive voice in the global Cyber Incident Response space said on the airline’s response: “While no organisation today is immune to cyber crime, Qantas must be commended for its timely and coherent response. The statement issued by the Airline and its CEO is crisp, clear and meaningful. It acknowledges the predicament of the customer, while sharing accurate details on the damage and the actions taken. The offer of support, including specialist identity protection advice and resources, represents the most comprehensive assistance an organisation can provide amidst such a massive assault.”
While the investigation into the breach is still ongoing, several cybersecurity experts have attributed the attack to Scattered Spider, the highly sophisticated and brazen cybercrime group. Known for social engineering, MFA bypass techniques, and targeting high-value sectors, the group recently tore through the UK’s retail sector impacting giants like Marks and Spencer, Harrods, Co Op and Christian Dior.
The U.S. government recently warned that the group was shifting its focus to the aviation industry. That prediction has proven accurate—with Hawaiian Airlines also being hit by a cyberattack in recent weeks that bears striking similarities to the Qantas breach.
“Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests,” said Sam Rubin, SVP of Consulting and Threat Intelligence, speaking to Cybersecurity Dive.
This breach isn’t just another headline. It’s part of a troubling trend that underscores how cybercriminals are escalating their attacks on global infrastructure. Airlines, due to their access to vast volumes of personally identifiable information and their operational dependencies, are becoming a prime target for adversaries.
Although Qantas acted quickly in notifying the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, the incident serves as a warning to other airlines and critical service providers: your third-party vendors are your weakest link, and preparedness can no longer be optional.
The Qantas data breach marks another chapter in Scattered Spider’s ongoing rampage, and it’s unlikely to be the last. For the global aviation sector and any business handling large volumes of customer data, this is a wake-up call.
Cyber resilience, employee training, and incident response planning must become cornerstones of enterprise strategy, especially in sectors where customer trust is everything.
If you have concerns over your organisation’s readiness to deal with the cyber crime storm raging in 2025, reach out to us today. Our NCSC Assured Training in Cyber Incident Planning and Response, professionally-conducted Cyber Drills and our expert Cybersecurity Consultancy services will put you on the path of cyber resilience with agility. Call us today to know more.