by 
On Monday, June 30, 2025, Australian airline Qantas reported a significant data breach that compromised the personal information of approximately 6 million customers. In a statement released on Wednesday, July 2, 2025, Qantas revealed that hackers gained unauthorized access to a customer service platform operated by a third-party organization. The platform contained service records, including customers’ names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Qantas confirmed that no credit card details, financial information, or passport details were stored on the affected platform. Upon detecting “unusual activity,” the airline promptly secured the system. Qantas stated that all its systems are now secure, and the breach has not impacted the company’s operations or safety protocols. While the exact extent of the stolen data remains unclear, Qantas described the breach as “significant.” The airline is actively working to support affected customers and is collaborating with the Australian Cyber Security Centre, the Australian Federal Police, and cybersecurity experts to investigate the incident. Qantas CEO Vanessa Hudson issued an apology, stating, “We sincerely apologize to our customers and understand that this is a cause for concern. Our customers trust us to keep their personal information secure, and we take that responsibility seriously. We are reaching out to affected customers today and providing them with the necessary support is our top priority.” According to Reuters, Qantas’ share price dropped by 3.5% following the announcement, while the broader market saw a 0.4% increase. Australia has faced multiple high-profile cyber-attacks in recent years. In 2019, a cyber-attack targeted the country’s ruling and opposition parties just three months before a national election. In 2021, Nine News, a major media outlet, suffered a cyber-attack that disrupted its live broadcasts, marking one of the largest cyberattacks on an Australian media company. In 2022, Russian cybercriminals launched a ransomware attack on Medibank, Australia’s largest private health insurer, compromising the sensitive personal data of 9.7 million customers, including health claim details, some of which were later leaked on the dark web. Last year, Australia identified and sanctioned a Russian national believed to be part of the REvil ransomware gang, which has targeted entities in the United States and other countries. In 2022, Russian authorities conducted operations against the REvil gang, leading to several arrests.
