Qantas data breach exposes millions of customer records

Cybercriminals hit Qantas in a major data breach that exposed information from up to six million customers. Airline data breaches are on the rise, putting millions of travelers at risk. The Qantas incident underscores how vulnerable personal information can be. The FBI recently warned that a hacking group called Scattered Spider is actively targeting airlines and the transportation sector. So, what should you do if your data was compromised, and how can you protect yourself moving forward?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

On June 30, 2025, Qantas found unusual activity on a third-party customer service platform. Hackers broke into this system and took personal information, such as names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.

Qantas confirmed that hackers did not access credit card details, financial information, or passport data. The airline quickly stopped the breach and began telling affected customers. We reached out to Qantas for comment. They referred us to their official update, which says the system remains secure. No one compromised frequent flyer accounts or passwords. Qantas also reports no further threat activity. The airline is working with cybersecurity experts and government authorities to investigate. They have added new security measures to protect customer data and frequent flyer accounts.

The timing is alarming. Just days before the breach, the FBI warned that Scattered Spider, a hacking group known for its social engineering and ransomware tactics, was targeting airlines. This group has been linked to attacks on Hawaiian Airlines and WestJet.

Chris Borkenhagen, a seasoned cybersecurity leader who serves as CISO & Chief Digital Officer at AuthenticID and brings over two decades of experience protecting digital identities, explains:

“Even partial personal data like names, contact details, birthdates, and loyalty account numbers can be weaponized by cybercriminals. Affected consumers should immediately update passwords, especially if reused elsewhere, and enable multi-factor authentication.”

Airline data is highly valuable to hackers because, even without financial details, airlines collect a wealth of personal information that criminals can exploit. Hackers can use this data to hijack loyalty accounts and steal points or miles, create fake identities for fraudulent activities, and launch highly convincing phishing campaigns that target both travelers and employees. Airline breaches are especially dangerous since they often involve a combination of personal, behavioral, and contextual data, which enables cybercriminals to carry out targeted attacks with greater effectiveness.

Watch for these red flags after a breach:

“Cybercriminals act fast after breaches, using personal details to impersonate victims or extract more data. Investigate any unusual activity immediately,” warns Borkenhagen.

If Qantas notifies you that your data was compromised, act immediately: 

Change passwords on your airline account and any other accounts using the same credentials. Use strong, unique passwords. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords.

Turn on multi-factor authentication (MFA) wherever possible, especially on travel, email, and financial accounts.

Watch your loyalty program and financial accounts for any unusual activity. 

Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.  One of the best parts of my #1 pick is that they have identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft. 

Watch out for phishing attempts, as scammers may use stolen data to craft convincing messages. Don’t click on any links or download attachments from suspicious emails or texts-instead, verify the sender’s identity by contacting the company directly through their official website or app. Using up-to-date antivirus software can also help detect and block malicious content before it can do harm.

For the best antivirus protection in 2025, visit CyberGuy.com/LockUpYourTech. 

Consider using a personal data removal service to help limit how much of your information is exposed online. Reducing your digital footprint makes it harder for cybercriminals to find and exploit your personal details.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan. 

As we’ve seen, airline data breaches, such as the recent Qantas incident, are no longer rare; they’re a growing reality for travelers everywhere. While Qantas acted quickly to contain the breach and safeguard sensitive data, this event is a reminder that cybercriminals are always looking for new ways to exploit personal information. By taking proactive steps, such as updating your passwords, enabling multi-factor authentication, and keeping an eye out for suspicious activity, you can reduce your risk and protect your identity. Don’t wait for the next headline to take action; start securing your accounts and digital footprint today.

Should airlines face stricter legal standards for data protection? Who should enforce these? Let us know by writing us at Cyberguy.com/Contact.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.

Copyright 2025 CyberGuy.com. All rights reserved.

About Author /

Start typing and press Enter to search