Update, July 3, 2025: This story, originally published on July 2, has been updated with expert comment from cybersecurity professionals regarding the Qantas cyberattack that followed an FBI warning regarding 2FA bypass attacks targeting the airline industry.

Just days after the Federal Bureau of Investigation issued a warning that Scattered Spider hackers were targeting new sectors with 2FA bypass attacks, those attacks have started. Qantas has confirmed that a data breach, potentially exposing the personal information of six million customers, successfully targeted a third-party supplier. As I have said previously, when the FBI issues a cybersecurity alert of any kind, everybody must pay close attention. Here’s what you need to know and do.

The Australian airline, Qantas, is reaching out to customers with a warning that it has detected unusual activity on a third-party platform used to store the details of six million people. The information includes names, email, dates of birth and Qantas frequent flyer details. This comes just days after the FBI issued a warning to the aviation industry, stating that the Scattered Spider ransomware attack group, known for its attacks on the retail and insurance sectors, was shifting its focus to transportation and aviation in particular.

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” an FBI spokesperson said in an email, adding that the attackers were employing “social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.”

A July 2 statement by Qantas regarding the incident has now been published, and confirms that “the incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform.” Exactly the attack route we see in Scattered Spider attacks.

Qantas has confirmed that it took immediate action on July 1 when the activity was detected, contained the system and that all other Qantas systems remain secure. “There is no impact to Qantas’ operations or the safety of the airline,” the statement said.

With six million customers at risk of data breach, Qantas has also confirmed that it is continuing to investigate the proportion of the data that has been stolen, but has said it expects “it will be significant.”

No credit card or passport details have been impacted.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” Qantas Group chief executive officer, Vanessa Hudson, said.

Worried customers can contact a dedicated support line on 1800 971 541 or +61 2 8028 0534.

“With airlines entering their busiest period of the year, the aviation industry is now feeling the added burden of having to deal with cybercriminals,” James Neilson, a senior vice president at OPSWAT, said. “With Qantas the latest victim in a string of attacks against airlines, attackers are likely to be further emboldened to continue targeting companies in the sector.”

“Groups like Scattered Spider have a history of launching sector-specific campaigns, so it’s hardly surprising aviation appears to be next on their list,” ex-FBI special agent dealing with cybercrime, Adam Marrè, and now chief information security officer at Arctic Wolf, said. “CISOs may sound like a broken record, but this attack should serve as another reminder of the need for businesses to assess cyber defences internally and across supply chains,” Marrè continued, “alongside having an effective Incident Response plan in place.” As far as consumers are concerned, Marrè advised that they should treat “every text, email and phone call coming from their airline with caution and enabling multi-factor authentication across accounts.”

As a Qantas Frequent Flyer member himself, Ross Brewer, vice president of EMEA at Graylog told me, the recent data breach carried a personal significance. “While it’s reassuring to know that no passwords, financial data, or identity documents were compromised,” Brewer said, “the incident serves as a stark reminder of the importance of robust logging and monitoring practices in cybersecurity.” Qantas must exert caution when communicating the wider impact of the incident, according to Brewer, who concluded with a warning that “over-disclosure, such as claiming the entire customer base was affected, can lead to unnecessary alarm. Clear, specific communication is far more effective in maintaining public trust and supporting a transparent, measured response.”

Everyone, across all industry sectors and consumers alike, should heed the FBI warning as a wake-up call to assess their security hygiene. And take action now, not later.