Qantas cyber incident: Executives punished by the board!
If you are a frequent flyer at Qantas, you cannot afford to miss this!
Australia’s largest airline, Qantas, suffered a cyber mishap earlier in June this year. It seems like the airline company is still struggling with the repercussions of the cyberattack. The Qantas board has decided to punish the executives because of the financial loss incurred due to the attack. The cyber incident has affected customer data, and as a result, the board of directors has decided to bring down the compensation for the executive team and CEO Vanessa Hudson by 15%. This immediately leads to a reduction of a whopping $250,000 for Hudson.
The Qantas team got to know about the cyberattack back on June 30. The threat actors had managed to breach into a third-party platform that Qantas was using as a customer service contact support. Before Qantas could do anything, the cybercrooks had already gained access to the personal data of a staggering 5.7 million passengers.
Interestingly enough, the cyber incident took place just a few days after a warning issued by the FBI. They had warned people against a cybercriminal group named the Scattered Spider. The same group of cybercrooks is responsible for multiple cyberattacks on several popular UK retailers, such as M&S.
Before Qantas, Canada’s WestJet, and US-based Hawaiian Airlines were also targeted by cybercrooks. The Qantas breach is the latest addition to the list of 2025 breaches in Australia. Nine Media and AustralianSuper had already been targeted in recent times. In March 2025, the OAIC, or the Office of the Australian Information Commissioner, released data revealing 2024 as the worst year for data breaches since 2018.
Right after the attack, CEO Hudson stated that Qantas had been working tirelessly to find out what type of customer data was compromised. Qantas had promised to offer adequate assistance to its customers regarding cyber protection. The CEO had asked customers to contact the dedicated support line if they encountered any suspicious activity.
Qantas has been working closely with agencies such as the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner.
The targeted database contained the names and email addresses of over 4 million passengers. Around 2.8 million of these records included the passenger’s frequent flyer numbers. The remaining 1.7 million records consisted of details such as gender, dates of birth, phone numbers, meal preferences, and gender information. However, what’s reassuring is that the cybercriminals don’t have access to sensitive data, such as payment card numbers, passport numbers, financial information, and Qantas account credentials.
Passengers were cautioned against any suspicious messages or calls from people who pretend to be from Qantas. To prevent similar cyber mishaps in the future, the Qantas Group has implemented multiple cybersecurity measures.
However, since last month, Qantas has been warning its customers against a sudden spike in the incidents of malicious attempts whereby scammers are posing as Qantas personnel and trying to connect with customers through phishing emails and messages.
Who was behind the cyberattack?
A group of hackers, known as UNC6040, carried out the threat attack on Qantas. Besides the Australian airline, this group has managed to breach the systems of popular brands such as Cisco, Adidas, and Pandora, among others. The hacker group has a connection with the ShinyHunters collective. So far, Qantas has been tight-lipped about any details pertaining to the perpetrators.
Qantas said that it has been prepping for sophisticated social engineering threats. The latest cyber incident has also taught Qantas about the intricacies of incorporating a risk management framework. Qantas has claimed that it is now all set to combat any kind of cyber threats and that the passengers and their data are safe from any cyber advances.
John Muen, the chairman of Qantas Group, has claimed that the last financial year has been “outstanding” and that the company has managed to achieve significant milestones around customer satisfaction, performance, and company reputation. But their statement and subsequent actions don’t really match each other.
The annual bonuses of the CEO and executives have been reduced by 15%. The reduction portrays the shared accountability of Qantas in these difficult times. The reduction was necessary to cater to the customer support systems Qantas has been establishing to assist the impacted passengers.
Experts like Cary Kind, the Australian Privacy Commissioner, warn that data breaches driven by sophisticated cybercrimes are likely to rise in the coming months and years. To counter this, businesses and agencies must strengthen their cybersecurity measures, implement phishing protection, and establish robust data protection systems. He also emphasizes that both private and public sectors remain highly vulnerable to these growing threats in the future.