The Cyber Express reports that Australia's privacy regulator, the Office of the Australian Information Commissioner (OAIC), has concluded its preliminary inquiry into the Qantas data breach from June 2025, deciding not to hold the airline responsible. The breach exposed the personal data of approximately 5.67 million customers.The data exposure occurred through a sophisticated vishing attack where a threat actor, posing as IT support, tricked a contact center agent into visiting a malicious website. This action allowed the attacker to access and extract data from the customer relationship management platform. The OAIC found that Qantas had taken reasonable steps to protect customer information and that the attack exploited a rare social engineering tactic not typically covered by standard training, as well as a default CRM setting.Approximately 4 million records included names, phone numbers, and email addresses, while another 1.7 million contained additional details like addresses and dates of birth. No financial information or passwords were compromised.Source: The Cyber Express
Breach
Australian regulator declines to find Qantas responsible for 5.67 million customer data exposure

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds



