Qantas has confirmed a cyberattack exposing data from six million customers. Cybersecurity experts link the breach to the Scattered Spider group, known for targeting critical infrastructure. The incident highlights rising threats across the global aviation sector.
Six million customers affected as hackers linked to notorious Scattered Spider group exploit airline's third-party systems
Australia's national carrier Qantas has fallen victim to a sophisticated cyberattack that compromised the personal data of approximately six million customers, the airline confirmed on July 2, 2025. The breach represents the latest in a string of attacks targeting the aviation sector by the notorious hacking collective known as Scattered Spider.
The attack originated through a cybercriminal infiltration of a third-party customer service platform used by one of Qantas's call centers. While the airline emphasized that no financial information, passport details, or frequent flyer credentials were accessed, the exposed data—including names, birth dates, email addresses, and phone numbers—could potentially enable identity theft and sophisticated phishing campaigns.
Qantas Group CEO Vanessa Hudson moved quickly to address the crisis, emphasizing the company's collaborative approach to containment and investigation.
"We are working closely with the Federal Government's National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts,"
Hudson said in a statement that underscored the severity of the breach and the need for public-private coordination in combating cybercrime.
The airline has established dedicated support lines and begun contacting affected customers directly while coordinating with federal authorities on the investigation.
Qantas also issued a public statement on social media to acknowledge the breach, reassure customers, and provide a link to further support.
We sincerely apologise to customers impacted by a recent cyber incident that occurred in one of our contact centres. The system is now contained.
— Qantas (@Qantas) July 2, 2025
We’re currently contacting customers to make them aware of the incident, apologise and provide details on support available to them.…
Cybersecurity experts point to the sophistication and sector-specific nature of Scattered Spider's operations. The group has gained notoriety for exploiting vulnerabilities in third-party platforms and employing advanced social engineering techniques—tactics that align precisely with the Qantas attack methodology.
Check Point CEO Nadav Zafrir has been increasingly vocal about the evolving threat landscape facing critical infrastructure, including aviation, calling for "brutal honesty" and innovation in cybersecurity approaches.
In a recent Fox Business interview, Zafrir highlighted what he described as a "new phase of attack methods" in which hackers are increasingly manipulating user interfaces within hyperconnected networks. He noted that these networks have become more complex and scalable through AI integration, creating more sophisticated attack vectors.
The Check Point executive also referenced concerns about state-sponsored actors employing hybrid warfare techniques, particularly targeting critical infrastructure including airlines, energy, and telecommunications sectors. Such attacks, he argued, should be considered acts of terror against sovereign infrastructure.
Watch the interview below, where Check Point CEO Nadav Zafrir discusses the growing cyber threat to critical infrastructure and the aviation sector.
Check Point CEO Nadav Zafrir outlines the growing cyber risks facing aviation and critical infrastructure in a Fox Business interview.
The Qantas incident follows a troubling pattern of aviation sector breaches. Hawaiian Airlines recently disclosed a cybersecurity event affecting some IT systems, though the carrier maintained its full flight schedule. The Federal Aviation Administration confirmed it was monitoring the situation and reported no safety impacts.
The aviation industry's vulnerability stems from its heavy reliance on interconnected digital ecosystems encompassing reservation systems, flight management software, air traffic control communications, baggage handling systems, and in-flight entertainment networks.
The agency is working with the aviation and industry partners to address this activity and assist victims. Airlines for America, which represents the leading U.S. passenger carriers, declined comment.
Last week, Hawaiian Airlines said it was addressing a cybersecurity event that has affected some of its IT systems. However, it said it was able to continue operating its full flight schedule. The Federal Aviation Administration (FAA) safety office said it was in contact with the airline and that there has been no impact on safety.
Amid the rising wave of cyberattacks on aviation and transport networks, the FBI issued a public warning on X underscoring the broader national security implications and urging industry-wide vigilance:
ALERT—The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.… pic.twitter.com/gowmbsAbBY
— FBI (@FBI) June 27, 2025
"If just one weak link is compromised, the ripple effects could be massive," noted Haris Pylarinos, CEO of cybersecurity firm Hack the Box.
Scattered Spider first gained widespread attention in September 2023 through multimillion-dollar attacks on Las Vegas casinos MGM Resorts and Caesars Entertainment. The group typically focuses intensively on specific sectors for extended periods. Recent targets have included insurance giant Aflac, where Social Security numbers and health information were potentially compromised, and retail operations including Ahold Delhaize USA, parent company of Giant and Food Lion grocery chains.
"The actor's core tactics, techniques, and procedures have remained consistent,"
said Mandiant Chief Technology Officer Charles Carmakal in a Friday statement, adding that his firm "is aware of multiple incidents in the airline and transportation sector" that bear Scattered Spider's operational hallmarks.
Financial markets reacted swiftly to news of the breach. By 11:00 AM Wednesday, Qantas shares had fallen nearly 4%, reflecting investor anxiety about both immediate response costs and potential long-term reputational damage.
The market reaction underscores growing recognition that cybersecurity breaches represent significant business risks extending far beyond IT departments to core operational and financial performance.
The Qantas attack signals that the global aviation sector has become a primary target for one of the world's most sophisticated cybercriminal organizations. The incident highlights the urgent need for airlines to fundamentally reassess their cybersecurity postures, elevating these concerns from technical issues to board-level strategic priorities.
"Our customers trust us with their personal information and we take that responsibility seriously,"
Hudson said, acknowledging the fundamental trust relationship at stake.
As Scattered Spider continues its systematic targeting of critical infrastructure sectors, the aviation industry faces an evolving threat landscape that demands enhanced vigilance, significant investment, and adaptive security strategies.
The coming days will likely reveal how Qantas—and the broader aviation sector—responds to this escalating era of targeted cyber warfare against critical infrastructure.
This is a developing story and will be updated as more information becomes available.
Cybercrime now targets people, not just systems. Chapter 1 exposes how hackers exploited human error at Marks and Spencer, triggering a £300 million breach. As AI adoption rises, trust and identity become the new battlegrounds—and our greatest vulnerability.
Asia-Pacific faced over one-third of all cyberattacks in 2024, making it the world’s top target. From manufacturing breaches to talent shortages and rising ransomware, CNC investigates how a region of digital ambition became cybercrime’s global epicentre.
On May 30, 2025, Australia became the first nation to criminalize secret ransomware payments. Under the new Cyber Security Act, large organizations must report such incidents within 72 hours—marking a major step in the country’s quest to become a global cybersecurity leader by 2030.
AI is reshaping Western defense, but with progress comes risk. Australia stands at a crossroads: lead in securing AI-driven military tech or risk importing vulnerabilities. As global powers weaponize algorithms, oversight, cooperation, and resilience are now mission-critical.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
