Qantas Confirms Data Breach Exposing Personal Information of Over a Million Customers

Qantas planes at Kingsford Smith International Airport. File
| Photo Credit: Reuters

On July 9, 2025, Australia’s Qantas Airways revealed that a significant data breach had potentially compromised the personal information of over a million customers. For those customers, sensitive details including phone numbers, birth dates, and home addresses were accessed, marking one of the most serious cyber incidents in recent years.

Additionally, approximately four million other customers had their names and email addresses retrieved during the cyberattack, raising substantial privacy concerns.

Following the disclosure of this attack, Qantas confirmed that its database had contained the personal information of 5.7 million customers. This figure was revised from an initial estimate of six million impacted customers after duplicate records were eliminated.

The airline emphasized that there is currently no evidence to suggest that any of the breached personal data has been publicly disseminated. Qantas has assured stakeholders that it is actively monitoring the situation and implementing measures to bolster cybersecurity.

Vanessa Hudson, CEO of Qantas Group, stated, “In response to this incident, we have introduced additional cybersecurity measures to enhance the protection of our customers’ data and are conducting a thorough investigation into how this breach occurred.”

This incident constitutes Australia’s most high-profile cyber event since the attacks targeting Optus and Medibank in 2022, which prompted the introduction of mandatory cybersecurity resilience laws.

In light of this breach, businesses in the U.S. should be mindful of the methods adversaries may employ when executing such attacks. It is possible that techniques outlined in the MITRE ATT&CK framework were used, including initial access through phishing or exploitation of software vulnerabilities, as well as lateral movement within the network to escalate privileges and gain deeper access to sensitive information.

The impact of this incident underscores the importance of robust cybersecurity measures and the need for ongoing vigilance against evolving threats.
