After MediSecure Optus and Medibank, and now Qantas Airways, we see many headlines in recent years of large companies’ cyber-attacks. These incidents have raised serious questions about the security of Australians’ personal data. In 2024, MediSecure had a critical breach that affected nearly 13 million people. Both Optus and Medibank experienced catastrophic breaches in 2022. These outages affected almost 9.8 million and 9.7 million affected customers, respectively.
On October 12, 2025, Qantas confirmed that hackers had released stolen customer data months after a cyber breach occurred in July 2025. The attack primarily targeted a branch more focused on a call center that operated off a third-party customer support platform. Because of this, security guards were able to access sensitive customer information.
Qantas recently disclosed a major data breach affecting more than one million affected customers. Sensitive information such as phone numbers, birth dates, and home addresses were leaked. On top of that, the names and emails of four million customers were hacked. This breach is one of the biggest cyber events Australia has experienced in the last several years. It continues a now unprecedented trend of cyberattacks that have recently breached the details of millions of Australians.
In response to the breach, Qantas sought a court injunction aimed at preventing the stolen data from being “accessed, viewed, released, used, transmitted or published” by any party, including third parties. Troy Hunt, a cybersecurity expert, raised doubts about the impact of such injunctions. He pointed out that similar court orders in Australia and the United Kingdom were routinely ignored by criminals.
Qantas had fully accepted the seriousness of the breach. They claim they have had no other breaches after that breach occurred. In response to the incident, the airline is said to be working with Australian security agencies to deal with the situation and improve its cybersecurity defenses overall.
The recent breaches of Qantas, Optus and Medibank have raised alarm bells. With our lives rapidly moving online, consumers deserve to have confidence that their personal data is safe. Together, these incidents illustrate a pattern of vulnerabilities across both the public and private sectors. These experts unequivocally recommend and compel industries to strengthen cybersecurity measures to protect data from dangerous threats.
