The airline Qantas, the largest in Australia, has confirmed a massive leak of personal data following a cyberattack that occurred in July, whose effects and consequences continue to generate headlines around the world. The company detected unusual activity on a third-party platform used by its customer service center, allowing attackers to access information on approximately six million passengers.

Incident details and compromised data

The attack did not directly impact internal systems or flight operations, but rather a subcontractor responsible for customer management and support, bringing back to the center of attention the importance of security in the digital supply chain. Among the data presented are:

  • Full names and email addresses
  • Birthdates and phone numbers
  • Frequent flyer numbers
  • To a lesser extent, physical directions and flight preferences

The company has assured that no passwords, passport numbers or financial information were leaked, so direct damage is limited but worrying because of the potential misuse of this data in phishing or impersonation campaigns.

Chronicle of the attack and legal consequences

The breach affected some 40 large global companies that shared a supplier, and was executed by the group Scattered Lapsus$ Hunters. After failing in their attempt to extort with a ransom, cybercriminals have made the data public on the deep Internet during the month of October. Australian authorities have stressed that outsourcing services does not exempt Qantas from its data protection responsibilities and a court order has already been imposed restricting the dissemination of stolen information.

Qantas feedback and measures for customers

Qantas contacted those affected to explain what happened and set up helplines and identity protection services. We are collaborating with cybersecurity experts, the Australian Federal Police and the Australian Cybersecurity Center to assess the true extent of the incident and prevent subsequent fraud attempts.

The airline has tightened controls and recommends users to exercise extreme caution in the face of suspicious emails, changes to frequent flyer accounts and any targeted phishing attempt.

Is your company prepared to withstand a cyberattack on its supply chain?🛡️

At Apolo Cybersecurity, we carry out audits, design contingency plans and offer specialized training to ensure that your data and that of your customers are truly protected against the most recent threats.

This incident is a new warning about the risks involved in digitalization and the dependence on external providers for critical services. The FBI also warned that attacks on airlines and transportation are increasing, with advanced social engineering techniques that surpass even double verification systems.

Effective management of the supply chain, constant supervision and rapid response to incidents are already essential requirements for every relevant actor in the digital economy and the critical infrastructure sector.

Prev Post
Next Post

Any questions?
We're happy to help!

CONTACT US TODAY!
info@apolocybersecurity.com
Data Controller: Apolo Analytics SL
Purpose: To process your request and respond to your message.
Legal Basis: Consent of the interested party upon submitting the form.
Recipients: Data will not be transferred to third parties, except under legal obligation.
Rights: You may exercise your rights of access, rectification, and deletion, among others, by sending an email to secretaria@apolocybersecurity.Com.
Additionall information: You can view the full information on our Privacy Policy.

Thank you!

Your message has been successfully received.
Oops! Something went wrong when submitting the form.
We are waiting for you!
Schedule a call
Project photo
send us an email
Project photo
+34 937948378
Project photo
Carrer de Sant Joan de la Salle 42, Barcelona, spain
Project photo
FAQScontactTERMS AND CONDITIONSWork with Us
Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
LEGAL NOTICEPRIVACY POLICYCookies
Privacy Settings
Copyright © 2025 Apollo Cybersecurity