Qantas Cyber Attack Hits 6 Million Customers as Government Warns Against Ransom Payment
Minister reveals scale of data breach in wide-ranging interview covering arts controversy and visa cancellations
Qantas has suffered a major cyber attack affecting approximately 6 million customers, with hackers stealing personal data including names, email addresses, phone numbers and birth dates, Home Affairs Minister Tony Burke revealed today.
The breach, which occurred through a third-party call center, represents one of Australia's largest cyber security incidents and prompted urgent government warnings about follow-up scams targeting affected customers.
"6 million customers have been affected, so everybody has received the first email, but those affected will receive the second email from Qantas, letting them know the way in which they've been affected," Burke told ABC's Afternoon Briefing program.
The stolen information does not include financial data such as credit cards or passport details, but extends to frequent flyer numbers and potentially meal preferences and other personal details stored in customer databases.
Burke spoke twice with Qantas acting CEO Steph Tully today as the airline works with government agencies including the Australian Signals Directorate to contain the breach. CEO Vanessa Hudson is currently on leave.
"The government always advises against paying a ransom because it keeps these characters in business," Burke said, referencing new legal obligations requiring companies to notify authorities if they pay cyber criminals.
The minister issued specific warnings to consumers about potential follow-up fraud attempts: "If anyone gets a cold call from Qantas, hang up. If you're going to talk to Qantas on the phone, use the published number and you make the call."
Burke emphasized that companies cannot outsource their cyber security obligations even when using third-party services. "Outsourcing, you can't outsource your cyber security obligations," he said.
The attack bears similarities to previous major breaches including the 2022 Optus incident, though Burke noted officials are still determining the full scope of compromised data.
While Burke declined to confirm the identity of the attacking group, he acknowledged awareness of the Scattered Spider Ransomware Group, which has targeted airlines and retail stores in the US and UK.
Artist Reinstated for Venice Biennale
In a separate development, Lebanese-Australian artist Khaled Sabsabi has been reinstated to represent Australia at the Venice Biennale after Creative Australia reversed its earlier decision to cancel his contract.
Burke received notification of the reinstatement approximately 20 minutes before the interview from Creative Australia CEO Adrian Collette.
"The contract had now been settled and Khaled Sabzabi and as well Michael Agostino as the curator have been recommissioned for the Venice Biennale," Burke said.
The original cancellation followed controversy over two artworks from approximately 20 years ago that appeared offensive at first glance but were later deemed non-promotional of terrorism after review.
"When the criticism that was done at the time said these were not pro-terrorist works and the artist himself says there is nothing in this that's meant to, in any way, endorse terrorism, then I don't think politicians can say, well, you're all wrong," Burke explained.
The minister maintained confidence in the Creative Australia board despite the reversal, arguing that removing board members over decisions would undermine arm's length funding principles.
Truth matters. Quality journalism costs.
Your subscription to The Evening Post (Australia) directly funds the investigative reporting our democracy needs. For less than a coffee per week, you enable our journalists to uncover stories that powerful interests would rather keep hidden. There is no corporate influence involved. No compromises. Just honest journalism when we need it most.
Not ready to be paid subscribe, but appreciate the newsletter ? Grab us a beer or snag the exclusive ad spot at the top of next week's newsletter.
Kanye West Barred from Australia
Burke also revealed that rapper Kanye West's Australian visa has been cancelled following the release of what the minister described as a "Heil Hitler song."
"My officials looked at it again once he released the Heil Hitler song, and he no longer has a valid visa in Australia," Burke said.
The cancellation appears to be previously unreported, with Burke confirming West cannot currently enter Australia even for concerts, though any new visa application would be assessed independently.
The decision follows the government's broader approach to preventing what Burke termed "importing hatred" through visitor visas.
Visa Denial for Israeli-American Advocate
Burke addressed reports that US Ambassador to Israel Mike Huckabee had appealed for the visa of Israeli-American tech advocate Hillel Fuld, though the minister said the email was never received.
Burke defended the visa cancellation, stating Fuld had publicly written that "Islamophobia is rational."
"If someone argued that anti-Semitism was rational, I would not let them come here on a speaking tour. And if someone has the same view of Islamophobia, I don't want them here when the purpose of the visa is to give public speeches," Burke said.
Other Policy Matters
Burke addressed criticism from Shadow Immigration Minister Paul Scarr regarding preventative detention laws, attributing limitations to constitutional constraints rather than legislative deficiencies.
"The legal threshold is because of the Constitution. You can't pass a law that evades the Constitution," Burke said, referencing High Court decisions that have made detention more difficult.
On childcare legislation addressing emergency situations particularly affecting Melbourne, Burke indicated the government remained committed to introducing measures but timing depends on drafting completion.
The minister confirmed the government's first legislative priority when Parliament returns would be reducing HECS debts, as previously committed.
Burke's appearance covered multiple portfolio responsibilities as Minister for Home Affairs, the Arts and Cyber Security, highlighting the interconnected nature of contemporary security and cultural policy challenges.
The Qantas breach adds to growing concerns about cyber security vulnerabilities in major Australian corporations, particularly those involving third-party service providers that handle sensitive customer data.
Consumer advocacy groups have long warned about the risks of data aggregation by major companies, with airlines holding particularly comprehensive personal information about travel patterns, preferences and identification details.
The government's response to today's revelations will likely focus on both immediate consumer protection and longer-term policy reforms around corporate cyber security obligations and third-party risk management.
Got a News Tip?
Contact our editor via Proton Mail encrypted, X Direct Message, LinkedIn, or email. You can securely message him on Signal by using his username, Miko Santos.
As well as knowing you’re keeping The Evening Post (Australia) alive, you’ll also get:
Get breaking news AS IT HAPPENS - Gain instant access to our real-time coverage and analysis when major stories break, keeping you ahead of the curve
Unlock our COMPLETE content library - Enjoy unlimited access to every newsletter, podcast episode, and exclusive archive—all seamlessly available in your favorite podcast apps.
Join the conversation that matters - Be part of our vibrant community with full commenting privileges on all content, directly supporting The Evening Post (Australia)
Not ready to be paid subscribe, but appreciate the newsletter ? Grab us a beer or snag the exclusive ad spot at the top of next week's newsletter.