top of page
ACM_Logo_Lg.png

Follow our Blog

Catch all the latest news in cybersecurity, endpoint security, malware and anti-virus threats by signing up for our Blog.

When you sign up we will send you an email notification to alert you to a new post so you won't miss a thing.

Never Miss a New Blog - Subscribe Here:

Qantas Ransomware / Extortion: What’s going on—and what it means for you

  • Writer: Jason Riley
    Jason Riley
  • Oct 9
  • 4 min read

If you’ve seen the headlines, you’ll know Qantas is in the middle of an ugly cyber incident. A criminal collective (reports say it’s a mash-up of well-known groups) claims to have stolen customer data and is now demanding a ransom. They’ve threatened to leak data on the dark web if negotiations don’t happen by the deadline. Qantas has taken legal action to try to stop misuse of the data and says its core systems remain secure; the breach traces back to a third-party contact-centre platform, not the airline’s main systems.


What Information is at Risk?


Public reporting and Qantas updates

Qantas data breach alert on a laptop with security shield icon.

indicate the incident involves personal info linked to frequent-flyer accounts—things like names, contact details, dates of birth, frequent-flyer numbers, and in some cases addresses and meal preferences. No payment card or credit card numbers have been confirmed as part of the leak by Qantas. The scale is big (millions of records), and criminals are using the publicity to fuel phishing (fake emails/texts/calls that look like they’re from Qantas or government).




Why Qantas Ransomware Matters to Everyday Users and Small Businesses


Large corporations, like Qantas, are obvious targets for obvious reasons, chief among them is the potential for a multi-million dollar pay-off. But there is also much to be learned by the rest of us. such as:


  1. More targeted scams. If criminals have your name, phone and email, they can craft messages that feel real (e.g., “update your Qantas points” or “verify your booking”). One careless click = account takeover or malware.


  2. Credential stuffing. Many people reuse passwords. If your email appears in any breach, criminals try that email+password on other sites (banking, email, Microsoft/Google). That’s how account break-ins often happen.


  3. Third-party risk for small business. Qantas is a reminder that even if your systems are fine, a vendor’s system can expose your customers or staff. That’s supply-chain risk in plain language.


What you Should do Today (Your 5-minute Check-List)


There is plenty you can do to protect yourself, and you should treat this as a priority in your activities for today:


  • Change your Qantas password (and any account that reuses that password).


  • Turn on multi-factor authentication (MFA) everywhere you can.


  • Ignore links in messages. If you get a Qantas-looking SMS or email containing a link, don’t click it. Instead, go directly to the official website or app and conduct your business there.


  • Check your email and cloud accounts for unusual logins. Most services show “Recent activity” so any emails you receive alerting you to these sorts of activities could be evidence of the hackers trying to access your accounts.


  • Watch for identity misuse. Keep an eye on unexpected credit applications or “new device” alerts.


  • Update your devices. Apply updates on phones, laptops, browsers, and routers to shut off known holes. It is good practice to switch on 'auto'updates' wherever possible.


For practical step-by-step guides, see the Australian government’s advice on what to do after a data breach. It's free and applies to individuals and small business owners (Cyber.gov.au)


A Small-Business Action Plan (that actually fits on one page)


The Qantas ransomware incident serves to remind small-business owners that they need to keep a handy response checklist. These simple steps could save your business:


1) Lock accounts down

  • Enforce MFA for email, Microsoft/Google, payroll, banking, Xero/MYOB.

  • Use a password manager and unique passwords. (No shared inbox passwords.)


2) Patch the basics

  • Turn on automatic updates for Windows/macOS, browsers, iPhones and security tools.

  • Remove old accounts and unused apps so there is less for the hackers to attack.


3) Train your team (15 minutes a month)

  • Show real phishing examples (especially “urgent payment” and “account verification” lures).

  • Run a 3-step rule: pause → verify via another channel → then act.

  • Never pay an invoice that has account details differing to a clients previous invoice - call them first!


4) Backups that survive ransomware

  • Keep versioned, offline (or immutable) backups of your files and email.

  • Test restore quarterly. A backup you haven’t tested is a hope, not a plan.

  • Consider using one of the more secure plans on offer from many Cloud storage providers.


5) Vendor hygiene

  • Keep a short register of your critical suppliers (IT support, web host, payments, marketing tools).

  • Ask two questions: Do you support MFA? How do you report incidents to us?

  • Add breach response contacts for each supplier.


6) Prepare a mini response kit

  • Who to call (IT, bank, telco, insurer).

  • Pre-written customer notice templates (saved offline).


One Final Tip for Business Owners


It may seem old-fashioned, but as a last line of defence, you can store Admin credentials in a sealed envelope and keep it in a secure vault or safe as a break-glass option.


What Qantas Customers can do Specifically


If you're a Qantas customer, you can head over to the Qantas customer information page for the latest updates and support options (identity protection, FAQs).


In the meantime, you should treat any message about “Qantas Points”, “bonus offers”, or “security verification” as suspicious and only access your account via the official app or by typing the official URL. intop ypour browser.


Finally, consider placing extra alerts/locks with your bank and monitoring your credit file if you see suspicious activity. Government guidance covers this in plain language, and we encourage you to learn more here: Cyber.gov.au


The Big Lesson: It’s not just “a Qantas problem”


This incident shows the pattern we keep seeing in Australia: social engineering to get a foothold, broad data theft, then extortion (ransom for not leaking). Even if the court orders and takedowns work, criminals often copy data around. So the smartest response is to harden your accounts, prepare your backups, and practise quick, calm verification as a habit.


Arafura Consulting & Media Can Help


If you’re a Territory household or small business owner looking for a quick safety tune-up, we can assist with MFA rollouts, password managers, device updates, and ransomware-resilient backups. No jargon—just a simple plan that fits your budget. Contact us today and lets discuss keeping your data safe.

Comments

bottom of page