Qantas disclosed that a cyberattack exposed personal data belonging to about 5.7 million to 6 million customers, making it one of the most significant airline-sector breaches reported in Australia. Early reporting said the incident affected customer records rather than flight operations, with exposed information understood to include personal and contact details held in airline systems. Coverage also linked the intrusion to the broader wave of attacks against airlines and travel firms attributed to Scattered Spider, a financially motivated threat group known for social-engineering tactics and extortion.
Subsequent reporting said Qantas was among nearly 40 companies facing ransom demands from the same hacker group, and that attackers later leaked data containing roughly 5 million customer records after a ransom deadline passed. The leak escalated the incident from a large-scale breach to a public extortion event, increasing the risk of fraud, phishing, and identity abuse for affected customers while underscoring the aviation sector's exposure to coordinated intrusion-and-ransom campaigns.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
After a ransom deadline expired, hackers leaked data containing 5 million Qantas customer records. The publication of stolen data represented a major escalation in the incident's impact.
Later reporting said Qantas was one of almost 40 companies targeted with ransom demands by the hacker group behind the campaign. This marked an escalation from data theft to extortion pressure.
Qantas updated its breach disclosure, saying the cyberattack affected 5.7 million customers. This refined the scope of the incident from the roughly 6 million initially reported.
Coverage of the Qantas incident identified Scattered Spider as the hacker group believed to be targeting airlines, adding attribution context to the breach. The reporting described the group as part of a broader campaign against the aviation sector.
Qantas disclosed that attackers accessed a third-party platform used by one of its contact centres and stole customer data. Early reporting said the breach affected about 6 million airline customers.
5 references tracked. Mallory keeps watching after this page renders.
theguardian.com
Open sourcetheguardian.com
Open sourcecybersecuritydive.com
Open sourceabc.net.au
Open sourcebbc.co.uk
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.