Qantas 2025 Data Breach

Qantas Australian Flag Carrier Airline Breach (2025): 6 Million Passenger Records Including Home Address Exposed via Third-Party Call Centre | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersCredential TheftTravel: AirEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

Qantas Australian Flag Carrier Airline Breach (2025): 6 Million Passenger Records Including Home Address Exposed via Third-Party Call Centre

Australian flag carrier airline.

Verified by ObscureIQ Intelligence
48/100Breach Risk Index
8Data Value
60Market Recency
153dSince Breach

Breach Intelligence Summary

Entity: Qantas · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Credential Theft
Profile: Company · Passenger air transportation · Commercial airline · Australia / Global
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 6.0M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Confirmed

Executive Summary

On 30 June 2025, Qantas detected unauthorized access to a third-party Salesforce platform used by its Manila call center, achieved through voice-phishing of a call-center operator. Data on about 5.7 million customers was later dumped on 12 October 2025. Exposed data included names, email addresses, dates of birth, frequent-flyer numbers, and for some customers phone numbers and addresses. Credit-card and passport details were not exposed.

ObscureIQ assessment: High risk of travel-themed phishing, loyalty fraud, impersonation, and targeted scams. Frequent-flyer identifiers and support-context records make it easier to convincingly pose as airline staff or exploit high-value travelers.

Breach Impact

The name/DOB/email/loyalty combination is well suited to convincing spear-phishing and loyalty-account takeover; addresses and phone numbers for a subset add targeting depth.

About Qantas

Qantas is the flag carrier airline of Australia, operating domestic and international flights and the Frequent Flyer loyalty program.

Why They Hold Your Data

Airlines and travel brands collect customer identity, contact, support, and loyalty-program data across booking and service systems. In this case, leaked data reportedly included emails, phone numbers, home addresses, frequent-flyer numbers, tier status, and in some cases meal preferences from a third-party customer service platform.

Recent Developments

Qantas detected the intrusion on a third-party customer-service platform in late June 2025; the stolen data was posted publicly in October 2025 after failed extortion.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Credential Theft

Attribution and method are based on available breach intelligence. Reported attack vector: Credential Theft.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Qantas breach?

On 30 June 2025, Qantas detected unauthorized access to a third-party Salesforce platform used by its Manila call center, achieved through voice-phishing of a call-center operator. Data on about 5.7 million customers was later dumped on 12 October 2025. Exposed data included names, email addresses,…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation