Qantas Falls Victim As Scattered Spider Targets Aviation

Uploaded on 2025-07-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Australia’s flagship carrier, Qantas Airways, has become the latest victim of a sophisticated cyber attack, with the personal data of up to six million customers potentially compromised.

The breach, confirmed on 2nd July 2025, targeted a third-party customer service platform used by one of Qantas’s call centres, exposing names, email addresses, phone numbers, dates of birth, and Frequent Flyer numbers.

While the airline insists no financial data or login credentials were accessed, the scale of the incident has raised alarm, coming days after an FBI warning about the Scattered Spider hacking group targeting the aviation sector.

Scattered Spider’s Operating Method

Cybersecurity experts have noted that the attack bears the hallmarks of Scattered Spider, a prolific cybercrime group known for its social engineering tactics and ransomware deployment. The group, composed of native English speakers from the UK, US, and Canada, reportedly exploited vulnerabilities in a Manila-based call centre to infiltrate Qantas’s systems.

Cybersecurity firm CrowdStrike describes Scattered Spider as a financially motivated group targeting customer relationship management platforms, a trend evident in recent attacks on retail and telecom firms. Scattered Spider’s strategy often involves impersonating trusted contacts to trick employees into granting access, a method consistent with the Qantas breach. The FBI’s recent alert highlighted the group’s focus on airlines, with similar attacks targeting Hawaiian Airlines and other North American carriers. 

Systemic Vulnerabilities Exposed

The Qantas incident shows the aviation industry’s reliance on interconnected third-party systems, which experts warn are a weak link in cybersecurity. The International Civil Aviation Organization notes that 62% of airports reported cyberattacks in 2021, with third-party vendors increasingly targeted. Qantas’s breach, originating from a subcontractor’s platform, highlights the complexity of securing sprawling digital ecosystems.

Australian cybersecurity minister Tony Burke emphasized that third-party reliance complicates compliance with privacy laws, such as the amended Australian Privacy Principle 11, which mandates robust data protection.

Qantas’s Response & Customer Impact

Qantas acted swiftly upon detecting “unusual activity” on 30 June, containing the breach and engaging independent cybersecurity experts, including CyberCX, to investigate. As legally required, the airline has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, reflecting the incident’s criminal nature.

CEO Vanessa Hudson issued a public apology, emphasizing that Qantas’s core systems and operations remain unaffected. However, the exposure of personal data raises concerns about phishing scams, with experts warning customers to be vigilant against fraudulent messages impersonating Qantas.

A dedicated hotline has been established to support affected customers, though the airline’s share price dipped 2.2% amid the news.

An Red Alert For the Aviation Industry

The breach has sparked calls for stronger protections in the aviation sector. In expert comment, Jordan Avnaim, CISO at Entrust said “Social engineering attacks are evolving rapidly – fueled by current events, AI-generated deepfakes, and increasingly convincing impersonation tactics. In addition, supply chain attacks are a common tactic for cybercriminals, who exploit contractors and third-party vendors as a path to gain access to larger objectives or high-value organisational targets... It's not surprising that threat actors have shifted focus towards the travel and aviation industry, where they can potentially create havoc by disrupting operational continuity and creating customer distrust...

Defending against these risks requires more than perimeter controls – it demands continuous workforce education, Zero Trust principles, phish-resistant multi-factor authentication and identity verification that can’t be socially engineered. Security must be a standing board-level conversation, with ongoing investment in both technology and response readiness.” Avnaim concludes.

Scattered Spider’s targeted campaign, coupled with the sector’s dependence on third-party systems, demands a reassessment of cybersecurity strategies.

As Qantas continues its investigation, the breach demonstrates the aviation industry’s vulnerabilities. With the aviation cybersecurity market projected to reach $8 billion by 2032, the incident underlines the need for transparent security practices to maintain customer confidence. 

SMH  |  Guardian  |   AFR  |  BBC  |   ABC  | National Technology  |  Security Brief  |   FT  |   iT News  |  Yahoo

Image: Josh Withers

You Might Also Read: 

MediSecure Hack - Half The Australian Population Affected:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NimDoor: North Korea’s Latest Cyber Exploit Targets Crypto
Why DevOps Security Must Be On Every Leader's Agenda »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

FDM Group

FDM Group

FDM Group is an international Professional services company with a focus on IT. Services offered include Software Testing, and Information Security with a focus on operational security and compliance.

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

NT Cyfence

NT Cyfence

CAT Cyfence is the IT Security services business unit of CAT Telecoms.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

Concentric AI

Concentric AI

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

CyXcel

CyXcel

CyXcel is a cyber security consulting business grounded in the law which natively fuses crises, legal, technical, and consulting expertise digital networks, information and operational technology.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.