Qantas Falls Victim As Scattered Spider Targets Aviation

Uploaded on 2025-07-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Australia’s flagship carrier, Qantas Airways, has become the latest victim of a sophisticated cyber attack, with the personal data of up to six million customers potentially compromised.

The breach, confirmed on 2nd July 2025, targeted a third-party customer service platform used by one of Qantas’s call centres, exposing names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers.

While the airline insists no financial data or login credentials were accessed, the scale of the incident has raised alarm, coming days after an FBI warning about the Scattered Spider hacking group targeting the aviation sector.

Scattered Spider’s Operating Method

Cybersecurity experts have noted that the attack bears the hallmarks of Scattered Spider, a prolific cybercrime group known for its social engineering tactics and ransomware deployment. The group, composed of native English speakers from the UK, US, and Canada, reportedly exploited vulnerabilities in a Manila-based call centre to infiltrate Qantas’s systems.

Cybersecurity firm CrowdStrike describes Scattered Spider as a financially motivated group targeting customer relationship management platforms, a trend evident in recent attacks on retail and telecom firms. Scattered Spider’s strategy often involves impersonating trusted contacts to trick employees into granting access, a method consistent with the Qantas breach. The FBI’s recent alert highlighted the group’s focus on airlines, with similar attacks targeting Hawaiian Airlines and other North American carriers. 

Systemic Vulnerabilities Exposed

The Qantas incident shows the aviation industry’s reliance on interconnected third-party systems, which experts warn are a weak link in cybersecurity. The International Civil Aviation Organization notes that 62% of airports reported cyberattacks in 2021, with third-party vendors increasingly targeted. Qantas’s breach, originating from a subcontractor’s platform, highlights the complexity of securing sprawling digital ecosystems.

Australian cybersecurity minister Tony Burke emphasized that third-party reliance complicates compliance with privacy laws, such as the amended Australian Privacy Principle 11, which mandates robust data protection.

Qantas’s Response & Customer Impact

Qantas acted swiftly upon detecting “unusual activity” on 30 June, containing the breach and engaging independent cybersecurity experts, including CyberCX, to investigate. As legally required, the airline has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, reflecting the incident’s criminal nature.

CEO Vanessa Hudson issued a public apology, emphasizing that Qantas’s core systems and operations remain unaffected. However, the exposure of personal data raises concerns about phishing scams, with experts warning customers to be vigilant against fraudulent messages impersonating Qantas.

A dedicated hotline has been established to support affected customers, though the airline’s share price dipped 2.2% amid the news.

An Red Alert For the Aviation Industry

The breach has sparked calls for stronger protections in the aviation sector. In expert comment, Jordan Avnaim, CISO at Entrust said “Social engineering attacks are evolving rapidly – fueled by current events, AI-generated deepfakes, and increasingly convincing impersonation tactics. In addition, supply chain attacks are a common tactic for cybercriminals, who exploit contractors and third-party vendors as a path to gain access to larger objectives or high-value organisational targets... It's not surprising that threat actors have shifted focus towards the travel and aviation industry, where they can potentially create havoc by disrupting operational continuity and creating customer distrust...

Defending against these risks requires more than perimeter controls – it demands continuous workforce education, Zero Trust principles, phish-resistant multi-factor authentication and identity verification that can’t be socially engineered. Security must be a standing board-level conversation, with ongoing investment in both technology and response readiness.” Avnaim concludes.

Scattered Spider’s targeted campaign, coupled with the sector’s dependence on third-party systems, demands a reassessment of cybersecurity strategies.

As Qantas continues its investigation, the breach demonstrates the aviation industry’s vulnerabilities. With the aviation cybersecurity market projected to reach $8 billion by 2032, the incident underlines the need for transparent security practices to maintain customer confidence. 

SMH  |  Guardian  |   AFR  |  BBC  |   ABC  | National Technology  |  Security Brief  |   FT  |   iT News  |  Yahoo

Image: Josh Withers

You Might Also Read: 

MediSecure Hack - Half The Australian Population Affected:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NimDoor: North Korea’s Latest Cyber Exploit Targets Crypto
Why DevOps Security Must Be On Every Leader's Agenda »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

IT Security Association Germany (TeleTrusT)

IT Security Association Germany (TeleTrusT)

TeleTrusT is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

Virtru

Virtru

Virtru's Data Protection platform protects and controls sensitive information regardless of where it's been created, stored or shared.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

MER Group

MER Group

MER Group is a world-leading solutions provider specializing in Homeland Security (HLS), Cyber and Intelligence, Communication Infrastructure and Tactical Communication Systems.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

Qryptonic

Qryptonic

Qryptonic pioneers next-generation cybersecurity by leveraging the unparalleled capabilities of quantum computing to defend against evolving threats.