Breach

Australian regulator declines to find Qantas responsible for 5.67 million customer data exposure

Qantas Australian airline plane

The Cyber Express reports that Australia's privacy regulator, the Office of the Australian Information Commissioner (OAIC), has concluded its preliminary inquiry into the Qantas data breach from June 2025, deciding not to hold the airline responsible. The breach exposed the personal data of approximately 5.67 million customers.

The data exposure occurred through a sophisticated vishing attack where a threat actor, posing as IT support, tricked a contact center agent into visiting a malicious website. This action allowed the attacker to access and extract data from the customer relationship management platform. The OAIC found that Qantas had taken reasonable steps to protect customer information and that the attack exploited a rare social engineering tactic not typically covered by standard training, as well as a default CRM setting.

Approximately 4 million records included names, phone numbers, and email addresses, while another 1.7 million contained additional details like addresses and dates of birth. No financial information or passwords were compromised.

Source: The Cyber Express

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack Vector

You can skip this ad in 5 seconds