Qantas confirms Australia's biggest cyber attack in years exposing 6 million customers

Australia's Qantas has confirmed it has suffered from a cyberattack that has now exposed six million Qantas customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers.

The airline has confirmed the breach in a recent statement on Wednesday, with the attack being described as the biggest breach in Australia in years. Qantas explained the cyberattack can be traced to a third-party customer service platform (call center), but the airline didn't say where or which call center was targeted. The Australian airline said that it was made aware of the breach after it detected unusual activity on its network and that it acted immediately to prevent any further exploitation.

It was only last week that the US Federal Bureau of Investigation (FBI) said cybercrime group Scattered Spider was targeting airlines. The FBI warned that Hawaiian Airlines and Canada's WestJet have already reported breaches. Qantas didn't provide the name of the hacking group, so it's not confirmed whether Scattered Spider is behind the attack.

However, it appears that is the case with Mark Thomas, Australia's director of security services for cyber security firm Arctic Wolf, saying the following, "What makes this trend particularly alarming is its scale and coordination, with fresh reports that Qantas is the latest victim."

How did this happen? Officials believe Scattered Spider hackers tend to impersonate a company's tech staff to gain employee passwords, and that with the recent Qantas hack, "it is plausible they are executing a similar playbook."

This Qantas hack is among the largest in Australia's history, sitting at the table with the Optus hack that occurred in 2022.