Cybercriminals hit Qantas in a major data breach that exposed information from up to six million customers. Airline data breaches are on the rise, putting millions of travelers at risk. The Qantas incident underscores how vulnerable personal information can be. The FBI recently warned that a hacking group called Scattered Spider is actively targeting airlines and the transportation sector. So, what should you do if your data was compromised, and how can you protect yourself moving forward?
Credit: Qantas
What happened in the Qantas data breach?
On June 30, 2025, Qantas found unusual activity on a third-party customer service platform. Hackers broke into this system and took personal information, such as names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
Qantas confirmed that hackers did not access credit card details, financial information, or passport data. The airline quickly stopped the breach and began telling affected customers. We reached out to Qantas for comment. They referred us to their official update, which says the system remains secure. No one compromised frequent flyer accounts or passwords. Qantas also reports no further threat activity. The airline is working with cybersecurity experts and government authorities to investigate. They have added new security measures to protect customer data and frequent flyer accounts.
Credit: Qantas
Why this Qantas data breach matters for travelers now
The timing is alarming. Just days before the breach, the FBI warned that Scattered Spider, a hacking group known for its social engineering and ransomware tactics, was targeting airlines. This group has been linked to attacks on Hawaiian Airlines and WestJet.
Chris Borkenhagen, a seasoned cybersecurity leader who serves as CISO & Chief Digital Officer at AuthenticID and brings over two decades of experience protecting digital identities, explains:
“Even partial personal data like names, contact details, birthdates, and loyalty account numbers can be weaponized by cybercriminals. Affected consumers should immediately update passwords, especially if reused elsewhere, and enable multi-factor authentication.”
Credit: Qantas
Why airline data is valuable to hackers
Airline data is highly valuable to hackers because, even without financial details, airlines collect a wealth of personal information that criminals can exploit. Hackers can use this data to hijack loyalty accounts and steal points or miles, create fake identities for fraudulent activities, and launch highly convincing phishing campaigns that target both travelers and employees. Airline breaches are especially dangerous since they often involve a combination of personal, behavioral, and contextual data, which enables cybercriminals to carry out targeted attacks with greater effectiveness.
Credit: Qantas
Signs your data is being misused after a data breach
Watch for these red flags after a breach:
- Suspicious messages referencing your frequent flyer account
- Unexplained changes to airline or loyalty program settings
- Notifications about credit applications you did not initiate
- Sudden drops in your credit score
“Cybercriminals act fast after breaches, using personal details to impersonate victims or extract more data. Investigate any unusual activity immediately,” warns Borkenhagen.
What to do if you’re affected by the Qantas data breach
If Qantas notifies you that your data was compromised, act immediately:
1) Update passwords
Change passwords on your airline account and any other accounts using the same credentials. Use strong, unique passwords. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
2) Enable Multi-factor authentication
Turn on multi-factor authentication (MFA) wherever possible, especially on travel, email, and financial accounts.
3) Monitor accounts
Watch your loyalty program and financial accounts for any unusual activity.
4) Use an identity theft protection service
Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. One of the best parts of my #1 pick is that they have identity theft insurance off up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.
Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.
See my full list of trusted identity theft protection services and expert tips to stay safe online.
5) Stay alert for phishing scams and use strong antivirus software
Watch out for phishing attempts, as scammers may use stolen data to craft convincing messages. Don’t click on any links or download attachments from suspicious emails or texts-instead, verify the sender’s identity by contacting the company directly through their official website or app. Using up-to-date antivirus software can also help detect and block malicious content before it can do harm.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
6) Remove your data from risky sites
Consider using a personal data removal service to help limit how much of your information is exposed online. Reducing your digital footprint makes it harder for cybercriminals to find and exploit your personal details.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
Borkenhagen advises, “Apply the same security rigor to airline accounts as you do to banking. Be cautious of unsolicited messages and verify through official channels.”
How one convincing SSA scam nearly tricked a reader, and the five red flags to check before you click.
Saturday, June 13 at 10 AM ET.
See Kurt’s 2026 picks for every kind of dad.
[Ep. 34] Is that Social Security email in your inbox real?
```Kurt’s key takeaways
As we’ve seen, airline data breaches, such as the recent Qantas incident, are no longer rare; they’re a growing reality for travelers everywhere. While Qantas acted quickly to contain the breach and safeguard sensitive data, this event is a reminder that cybercriminals are always looking for new ways to exploit personal information. By taking proactive steps, such as updating your passwords, enabling multi-factor authentication, and keeping an eye out for suspicious activity, you can reduce your risk and protect your identity. Don’t wait for the next headline to take action; start securing your accounts and digital footprint today.
Should airlines face stricter legal standards for data protection? Who should enforce these? Share your thoughts in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
