No ransom request after Qantas cyber attack

Jul 04, 2025, updated Jul 04, 2025
Qantas will contact customers individually to reveal the type of data compromised in the attack. Photo: Bianca De Marchi/AAP.
Qantas will contact customers individually to reveal the type of data compromised in the attack. Photo: Bianca De Marchi/AAP.

Qantas will soon be able to tell the six million customers whose data was stolen by cyber criminals exactly what type of personal information was harvested.

In an update on Friday, the airline also said the group believed responsible for the incident remained unclear and that it had not received a ransom request.

The hack, revealed earlier this week, occurred on a third-party system used by a call centre working for Qantas.

Sensitive data such as credit card details, personal financial information, passport details and Qantas Frequent Flyer accounts were not exposed.

But millions of customers did have names, dates of birth, and email addresses stolen.

Qantas will next week will contact customers individually to tell them exactly what type of personal data was “contained in the system”, or compromised.

“I want to apologise again for the uncertainty this has caused,” chief executive Vanessa Hudson said on Friday.

“We’re committed to keeping our affected customers informed with regular updates as our investigation progresses.”

Qantas, which is working with government authorities to investigate the incident, reaffirmed there had been no further threat in the system and that it remained secure.

Multiple cyber experts believe the group responsible for the attack is called Scattered Spider, a cabal of young cyber criminals in the US and Britain.

The US Federal Bureau of Investigation recently warned that the group was targeting airlines by impersonating legitimate users to bypass multifactor authentication and access systems.

Airlines such as America’s Hawaiian Airlines and Westjet have faced cyber attacks in the past fortnight.

Stay informed, daily

Qantas has rolled out additional security measures to counteract any more potential threats and increase detection. They include more security measures for frequent flyer accounts by introducing “additional identification” for account changes.

“We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems,” Hudson said.

“Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively.”

Qantas also warned scammers are already impersonating the airline after the attack and told customers to be vigilant.

The airline will never contact customers requesting passwords, booking reference details or sensitive login information.

“If customers do receive any suspicious emails, text messages or calls from someone purporting to be Qantas you can report this via our dedicated support line, Scamwatch, or contact local authorities,” it said.

Since the hack, Qantas has received more than 5000 customer enquiries.

Meanwhile, legal experts suggest the incident could lead to a class action against Qantas, after compensation claims against Optus and Medibank after major breaches in 2022.

Qantas customer support line: 1800 971 541 or +61 2 8028 0534

-AAP

Just In