Jun 20, 2025 · News · 1 min read

6 Million Qantas Customers. One Third-Party Call Center.

Qantas confirmed a data breach affecting up to 6 million customers. Names, emails, phone numbers, birth dates, frequent flyer numbers — all PII exposed.

The source? A third-party call center platform.

Not Qantas’s core systems. Not their main database. A vendor they trusted to handle customer calls.

This keeps happening. You can lock down your own infrastructure, but if your vendors aren’t held to the same standard, it doesn’t matter. Their breach becomes your headline.

The scary part? Most companies don’t have visibility into what data their vendors actually hold. They just assume it’s handled.

Assumption isn’t a security strategy.

Try Free Risk Scanner | Risk Finder Pricing

Read more at Findings

Back to Blog

View All Posts »

1.4 Million Insurance Customers. One Social Engineering Call.

Allianz Life Insurance confirmed a breach affecting 1.4 million customers in North America. How did attackers get in? Social engineering.

Hertz, Dollar, Thrifty: 1 Million People, Same Breach

Hertz disclosed a breach affecting over a million people across Hertz, Dollar, and Thrifty brands. The root cause? Zero-day vulnerabilities in a third-party file transfer platform.

3.3 Million People Found Out 10 Months Later

DISA Global Solutions runs background checks for tens of thousands of companies. The breach happened in April 2024. They didn't notify the 3.3 million affected people until February 2025.

5.6 Million SSNs Stolen Through an API

A third-party integration partner was compromised, giving attackers sustained access to bulk-copy 5.6 million consumer records including Social Security numbers.

6 Million Qantas Customers. One Third-Party Call Center.

Related Posts

1.4 Million Insurance Customers. One Social Engineering Call.

Hertz, Dollar, Thrifty: 1 Million People, Same Breach

3.3 Million People Found Out 10 Months Later

5.6 Million SSNs Stolen Through an API