EDITORIAL: Qantas cyber attack is a wake-up call to businesses

Now it’s Qantas’s turn.
Our national airline is the latest big Australian company to fall prey to a malicious cyber hack.
The flying kangaroo is in esteemed company — other big businesses to be targeted in recent years include Medibank, Optus and some of the nation’s biggest superannuation funds.
Sign up to The Nightly's newsletters.
Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.
By continuing you agree to our Terms and Privacy Policy.These aren’t just any rinky-dink businesses but trusted institutions.
Qantas has stressed that no credit card or passport details were lost in the heist. But that’s likely little comfort to the 6 million Australians whose details have been compromised.
We are still waiting to hear the full scale of the breach, but Qantas says the expect the volume of data now in criminal hands to be “significant”.
The database accessed by hackers held customers’ names, date of birth, phone numbers, emails and frequent flyer numbers — all valuable information which can be on-sold to identity thieves and scammers.
If you are one of the unlucky ones who receives an email from Qantas to say your details have been compromised, you’ll know who to blame when you are bombarded with scam calls and malicious texts. And while we are getting better at identifying scams, so too are the scammers getting more sophisticated.
It’s believed the crooks gained access to the system via the airline’s Manila call centre, potentially in a surprisingly lo-fi way — by impersonating a Qantas employee and talking their way in.
In 2025, customers have little choice but to trust businesses with their details online. That’s where we do business.
And just as businesses have an obligation to keep their customers safe in their bricks and mortar stores, they have an obligation to keep them safe online.
At the moment, they are not fulfilling that obligation.
Qantas chief executive Vanessa Hudson has apologised to customers for the breach. Qantas has notified police and the information commissioner.
But apologies after the fact aren’t worth much. This hack must surely be a wake-up call to businesses that no one is immune from these attacks.
It should be a wake-up call too to the Albanese Government that it needs to do more to protect Australian consumers.
When hackers broke into superannuation funds earlier this year, draining the accounts of an unlucky few, Anthony Albanese’s response left much to be desired. The Prime Minister described the breach as a “regular issue”.
Unfortunately, he is right. If you haven’t yet been caught up in one of these incidents, you are one of a rare few. And with artificial intelligence giving rise to increasingly sophisticated deep fakes, the problem is only getting worse.
That doesn’t mean businesses and the Government can throw their hands up in surrender.
Businesses need to invest more in their defences and governments must enact tighter regulations to ensure customers are kept safe from malicious forces online.
Responsibility for the editorial comment is taken by Editor-in-Chief Christopher Dore.