Exclusive Qantas hacker gave airline 72hour deadline Australian Aviation
pUsername or email already exists Login hereppIf your email is already registered you will have provided it to us previously for one of our eventswebcastsnewslettersppYou can use your existing password to login or if you cant remember it you can reset it using the link provided hereppQantas aircraft at Melbourne Airport Image Josh WithersPexels
ppA collective claiming to be behind Qantas recent cyber hack sent the airline nine pages of data it had apparently stolen from customers and then demanded a reply within 72 hours
ppThe threat was revealed in documents that the Flying Kangaroo submitted to court to obtain an injunction which has for the first time laid out the timeline of events following the attackpp
Username or Email Address
pp
Password
pp Keep me signed in on this device
pp
ppThe incident reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information
ppWhile no group has publicly claimed responsibility reports suggested that a hacking collective known as Scattered Spider may be behind the attack In total nearly 6 million customers were thought to be affected
ppThe documents obtained by Australian Aviations sister brand Cyber Daily showed how as Qantas was attempting to shape the media narrative the apparent hackers were preparing their next moves
ppQantas first confirmed that one of its offshore offices which hosted customer data on a thirdparty platform had been compromised on 2 July and that the initial incident of unauthorised access had occurred the day before on Monday 1 July
ppOn 4 July at just after 6am Qantas published another update on the incident outlining its ongoing response and investigation to the incident and noting that at that time Qantas has not been contacted by anyone claiming to have the data and were continuing to work with the government authorities to investigate the incident
ppHowever later on that same day the hackers sent Qantas several emails outlining the scope of the data impacted Qantas provided the emails to the Supreme Court as part of its efforts to obtain an injunction against the publication or sharing of the stolen data
ppQantas received at least three emails on 4 July all with the same subject line CRITICAL REPLY Qantas Airways Limited DatabreachCyberattack As provided to Cyber Daily the emails were heavily redacted but it appeared the hackers identified themselves to Qantas
ppHello we are REDACTED the email said
ppWere contacting you to inform you that were the collective thats behind the Qantas Airways Limited qantascom data breach one of the biggest in Australias history close in the rankings of the Optus Medibank and Latitude hacks
ppThe next sentence was entirely redacted and following that the hackers revealed the total count of compromised records also redacted as well as details of what they possess including full names email addresses phone numbers dates of birth and Frequent Flyer numbers
ppThe hackers also warned they had much more than that and said We will provide large samples of the data below
ppWhat followed was almost nine pages of what appear to be lines of data likely each corresponding to a single customers data in much the same way hackers share sample data on hacking forums
ppThis list was also redacted and at the end of the email the hackers provided a Tox address for initial contact
ppThe other letters were largely similar in content though with the headers redacted its impossible to know if theyre from the same individual and sent to the same Qantas representative or from different members of the socalled collective and sent to several contact points at the airline All the emails included a 72hour deadline to make contact
ppWhat appeared to possibly be a fourth email or perhaps a separate attachment was entirely redacted but appeared both lines of text and possibly images all obscured
ppQantas did not initially return the hackers emails and on 7 July the apparent hacker sent a followup Again this email was heavily redacted but it appeared to be lengthier and may outline the consequences if Qantas did not enter into negotiations with the hackers
ppThis is our second attempt at reaching out to resolve this matter the email said The next four or so lines are redacted but the email continues after that
ppAt this time no information has been disclosed or distributed the hackers said If you are not the appropriate contact for this matter please forward this message to someone with the authority to address confidential riskrelated issues
ppWhat followed were more lines of redacted customer data though the hackers gave Qantas another 72hour deadline to respond Still the requested nature of that response was also redacted
ppAt this point Qantas finally contacted the hackers and while Qantas provided this correspondence to the court the version provided was understandably almost completely redacted All thats readable was the subject line of the Qantas email reply Reaching out
ppIn the exchange of emails that followed a Qantas spokesperson sent a total of six emails after the first one of varying lengths In response the airline received 11 emails with the last three all appearing to be without a response from the airline
ppIn a description of the documents provided to the court dated 16 July Qantas said it had provided a complete log of the email exchange between Qantas and the defendant between 4 and 15 July 2025
ppQantas revealed on the evening of 7 July that it had been in contact with a potential cyber criminal but that as the incident was an ongoing criminal matter it wont be commenting any further on the detail of the contact
ppQantas latest update posted to its online News Room said investigations were ongoing and that it was progressively emailing affected customers
ppWe remain in constant contact with the National Cyber Security Coordinator Australian Cyber Security Centre and the Australian Federal Police Qantas CEO Vanessa Hudson said in the 9 July update
ppI would like to thank the various agencies and the federal government for their continued support
ppQantas has declined to offer additional commentppppBy subscribing you agree to our Terms and Conditions and Privacy Statementpp
You dont have credit card details available You will be redirected to update payment method page Click OK to continue p
ppA collective claiming to be behind Qantas recent cyber hack sent the airline nine pages of data it had apparently stolen from customers and then demanded a reply within 72 hours
ppThe threat was revealed in documents that the Flying Kangaroo submitted to court to obtain an injunction which has for the first time laid out the timeline of events following the attackpp
Username or Email Address
pp
Password
pp Keep me signed in on this device
pp
ppThe incident reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information
ppWhile no group has publicly claimed responsibility reports suggested that a hacking collective known as Scattered Spider may be behind the attack In total nearly 6 million customers were thought to be affected
ppThe documents obtained by Australian Aviations sister brand Cyber Daily showed how as Qantas was attempting to shape the media narrative the apparent hackers were preparing their next moves
ppQantas first confirmed that one of its offshore offices which hosted customer data on a thirdparty platform had been compromised on 2 July and that the initial incident of unauthorised access had occurred the day before on Monday 1 July
ppOn 4 July at just after 6am Qantas published another update on the incident outlining its ongoing response and investigation to the incident and noting that at that time Qantas has not been contacted by anyone claiming to have the data and were continuing to work with the government authorities to investigate the incident
ppHowever later on that same day the hackers sent Qantas several emails outlining the scope of the data impacted Qantas provided the emails to the Supreme Court as part of its efforts to obtain an injunction against the publication or sharing of the stolen data
ppQantas received at least three emails on 4 July all with the same subject line CRITICAL REPLY Qantas Airways Limited DatabreachCyberattack As provided to Cyber Daily the emails were heavily redacted but it appeared the hackers identified themselves to Qantas
ppHello we are REDACTED the email said
ppWere contacting you to inform you that were the collective thats behind the Qantas Airways Limited qantascom data breach one of the biggest in Australias history close in the rankings of the Optus Medibank and Latitude hacks
ppThe next sentence was entirely redacted and following that the hackers revealed the total count of compromised records also redacted as well as details of what they possess including full names email addresses phone numbers dates of birth and Frequent Flyer numbers
ppThe hackers also warned they had much more than that and said We will provide large samples of the data below
ppWhat followed was almost nine pages of what appear to be lines of data likely each corresponding to a single customers data in much the same way hackers share sample data on hacking forums
ppThis list was also redacted and at the end of the email the hackers provided a Tox address for initial contact
ppThe other letters were largely similar in content though with the headers redacted its impossible to know if theyre from the same individual and sent to the same Qantas representative or from different members of the socalled collective and sent to several contact points at the airline All the emails included a 72hour deadline to make contact
ppWhat appeared to possibly be a fourth email or perhaps a separate attachment was entirely redacted but appeared both lines of text and possibly images all obscured
ppQantas did not initially return the hackers emails and on 7 July the apparent hacker sent a followup Again this email was heavily redacted but it appeared to be lengthier and may outline the consequences if Qantas did not enter into negotiations with the hackers
ppThis is our second attempt at reaching out to resolve this matter the email said The next four or so lines are redacted but the email continues after that
ppAt this time no information has been disclosed or distributed the hackers said If you are not the appropriate contact for this matter please forward this message to someone with the authority to address confidential riskrelated issues
ppWhat followed were more lines of redacted customer data though the hackers gave Qantas another 72hour deadline to respond Still the requested nature of that response was also redacted
ppAt this point Qantas finally contacted the hackers and while Qantas provided this correspondence to the court the version provided was understandably almost completely redacted All thats readable was the subject line of the Qantas email reply Reaching out
ppIn the exchange of emails that followed a Qantas spokesperson sent a total of six emails after the first one of varying lengths In response the airline received 11 emails with the last three all appearing to be without a response from the airline
ppIn a description of the documents provided to the court dated 16 July Qantas said it had provided a complete log of the email exchange between Qantas and the defendant between 4 and 15 July 2025
ppQantas revealed on the evening of 7 July that it had been in contact with a potential cyber criminal but that as the incident was an ongoing criminal matter it wont be commenting any further on the detail of the contact
ppQantas latest update posted to its online News Room said investigations were ongoing and that it was progressively emailing affected customers
ppWe remain in constant contact with the National Cyber Security Coordinator Australian Cyber Security Centre and the Australian Federal Police Qantas CEO Vanessa Hudson said in the 9 July update
ppI would like to thank the various agencies and the federal government for their continued support
ppQantas has declined to offer additional commentppppBy subscribing you agree to our Terms and Conditions and Privacy Statementpp
You dont have credit card details available You will be redirected to update payment method page Click OK to continue p
