Qantas Faces Extortion Following Cyberattack That Exposed Millions of Customer Records

Qantas confirms it’s facing extortion following a cyberattack that exposed customer data from a third-party vendor, possibly linked to Scattered Spider’s aviation sector targeting.

    Qantas has confirmed it is being extorted by cybercriminals after a recent data-theft attack potentially exposed sensitive information belonging to nearly six million customers. The airline revealed the extortion attempt in a statement on July 6, saying a threat actor had made contact and that federal authorities were now involved.

    “A potential cyber criminal has made contact, and we are currently working to validate this,” Qantas said.

    “As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the details of the contact.”

    Data Breach Originated from a Third-Party Vendor

    The breach was initially disclosed on July 1 after Qantas detected unusual activity in a third-party system used by one of its contact centres. According to the airline, the compromised data includes:

    • Names
    • Email addresses
    • Phone numbers
    • Dates of birth
    • Frequent flyer numbers

    Crucially, Qantas clarified that financial information, passport numbers, passwords, PINs, and login credentials were not affected.

    Customers Warned About Phishing Risks

    The airline is urging customers to be cautious of potential phishing scams leveraging the stolen data.

    Qantas emphasized that any official communication would come from the “@qantas.com” domain and reminded customers that the airline will never ask for login credentials, passwords, or ticket confirmation codes via email, SMS, or phone call.

    Linked to Scattered Spider’s Aviation Campaign

    The Qantas cyberattack is part of a broader campaign attributed to threat actors associated with Scattered Spider, a group known for its advanced social engineering tactics. These attackers commonly target help desks and third-party service vendors, manipulating staff into resetting passwords and bypassing multi-factor authentication.

    The same group has previously been linked to attacks on:

    In the case of M&S, attackers successfully impersonated an employee and tricked a service desk into resetting login credentials and MFA protections—mirroring the tactics suspected in the Qantas breach.

    Investigation Underway with National Agencies

    Qantas is now working closely with:

    • Australian Federal Police (AFP)
    • Australian Cyber Security Centre (ACSC)
    • Office of the Australian Information Commissioner (OAIC)
    • External cybersecurity experts

    The full scope of the breach and the nature of the extortion demand remain undisclosed. As of now, no ransomware payload has been confirmed, and Qantas has not attributed the breach to any specific group publicly.
