NEWYou can now listen to Fox News articles!
Cybercriminals hit Qantas in a major data breach that exposed information from up to six million customers. Airline data breaches are on the rise, putting millions of travelers at risk. The Qantas incident underscores how vulnerable personal information can be. The FBI recently warned that a hacking group called Scattered Spider is actively targeting airlines and the transportation sector. So, what should you do if your data was compromised, and how can you protect yourself moving forward?
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.
Qantas aircraft on the runway. (Qantas)
What happened in the Qantas data breach?
On June 30, 2025, Qantas found unusual activity on a third-party customer service platform. Hackers broke into this system and took personal information, such as names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
Qantas confirmed that hackers did not access credit card details, financial information, or passport data. The airline quickly stopped the breach and began telling affected customers. We reached out to Qantas for comment. They referred us to their official update, which says the system remains secure. No one compromised frequent flyer accounts or passwords. Qantas also reports no further threat activity. The airline is working with cybersecurity experts and government authorities to investigate. They have added new security measures to protect customer data and frequent flyer accounts.
Qantas app on a smartphone. (Qantas)
Why this Qantas data breach matters for travelers now
The timing is alarming. Just days before the breach, the FBI warned that Scattered Spider, a hacking group known for its social engineering and ransomware tactics, was targeting airlines. This group has been linked to attacks on Hawaiian Airlines and WestJet.
Chris Borkenhagen, a seasoned cybersecurity leader who serves as CISO & Chief Digital Officer at AuthenticID and brings over two decades of experience protecting digital identities, explains:
“Even partial personal data like names, contact details, birthdates, and loyalty account numbers can be weaponized by cybercriminals. Affected consumers should immediately update passwords, especially if reused elsewhere, and enable multi-factor authentication.”
Qantas aircraft at a gate at an airport. (Qantas)
Why airline data is valuable to hackers
Airline data is highly valuable to hackers because, even without financial details, airlines collect a wealth of personal information that criminals can exploit. Hackers can use this data to hijack loyalty accounts and steal points or miles, create fake identities for fraudulent activities, and launch highly convincing phishing campaigns that target both travelers and employees. Airline breaches are especially dangerous since they often involve a combination of personal, behavioral, and contextual data, which enables cybercriminals to carry out targeted attacks with greater effectiveness.
Qantas aircraft at a gate at the airport. (Qantas)
Signs your data is being misused after a data breach
Watch for these red flags after a breach:
- Suspicious messages referencing your frequent flyer account
- Unexplained changes to airline or loyalty program settings
- Notifications about credit applications you did not initiate
- Sudden drops in your credit score
“Cybercriminals act fast after breaches, using personal details to impersonate victims or extract more data. Investigate any unusual activity immediately,” warns Borkenhagen.
What to do if you’re affected by the Qantas data breach
If Qantas notifies you that your data was compromised, act immediately:
1) Update passwords
Change passwords on your airline account and any other accounts using the same credentials. Use strong, unique passwords. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords.
2) Enable Multi-factor authentication
Turn on multi-factor authentication (MFA) wherever possible, especially on travel, email, and financial accounts.
3) Monitor accounts
Watch your loyalty program and financial accounts for any unusual activity.
4) Use an identity theft protection service
Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. One of the best parts of my #1 pick is that they have identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft.
5) Stay alert for phishing scams and use strong antivirus software
Watch out for phishing attempts, as scammers may use stolen data to craft convincing messages. Don’t click on any links or download attachments from suspicious emails or texts-instead, verify the sender’s identity by contacting the company directly through their official website or app. Using up-to-date antivirus software can also help detect and block malicious content before it can do harm.
For the best antivirus protection in 2025, visit CyberGuy.com/LockUpYourTech.
6) Remove your data from risky sites
Consider using a personal data removal service to help limit how much of your information is exposed online. Reducing your digital footprint makes it harder for cybercriminals to find and exploit your personal details.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan.
Kurt’s key takeaways
As we’ve seen, airline data breaches, such as the recent Qantas incident, are no longer rare; they’re a growing reality for travelers everywhere. While Qantas acted quickly to contain the breach and safeguard sensitive data, this event is a reminder that cybercriminals are always looking for new ways to exploit personal information. By taking proactive steps, such as updating your passwords, enabling multi-factor authentication, and keeping an eye out for suspicious activity, you can reduce your risk and protect your identity. Don’t wait for the next headline to take action; start securing your accounts and digital footprint today.
Should airlines face stricter legal standards for data protection? Who should enforce these? Let us know by writing us at Cyberguy.com/Contact.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.
Copyright 2025 CyberGuy.com. All rights reserved.
