A data breach at Qantas by way of a third-party service is typical of the Scattered Spider assault group, specialists say.
“Qantas’ cyber breach bears the hallmarks of Scattered Spider, the identical group behind current assaults on Hawaiian Airways, WestJet, and Marks & Spencer — possible by way of compromising a third-party SaaS platform like Salesforce or Zendesk,” Toby Lewis, world head of menace evaluation at Darktrace mentioned on Wednesday. “The assault follows their typical playbook,” he mentioned.
Qantas alerted prospects to the breach Wednesday, saying, “On Monday 30 June 2025, we detected uncommon exercise on a third-party platform utilized by a Qantas airline contact centre. We then took instant steps and contained the incident.” Its personal techniques stay safe, it mentioned, and though stolen knowledge included “some prospects’ names, electronic mail addresses, telephone numbers, delivery dates, and Frequent Flyer numbers,” no Frequent Flyer accounts had been compromised, and no passwords or log-in particulars had been accessed. The affected system, which it didn’t determine, contained no bank card particulars, private monetary data, or passport particulars.
