The Federal Bureau of Investigation warned the aviation industry on 27 June that the cyber-criminal collective known as Scattered Spider had broadened its focus from retailers and insurers to airlines, using social-engineering calls to circumvent multi-factor authentication and gain network access. Less than a week later, Qantas Airways disclosed that a hacker had infiltrated a third-party customer-service application used by an overseas call centre on 30 June. The breach—Australia’s largest since the 2022 Optus and Medibank incidents—affected the unique records of 5.7 million customers after duplicate entries were removed. According to the carrier, about four million customers lost only their name, email and frequent-flyer details, while 1.7 million also had some combination of address, date of birth, phone number or meal preference exposed. No credit-card, passport, password or PIN data was held in the compromised system. Qantas has added security controls, begun notifying customers and engaged the Australian Federal Police after a party claiming responsibility made contact on 7 July in what appears to be an extortion attempt. Law-enforcement pressure on Scattered Spider is mounting. On 10 July the UK’s National Crime Agency arrested three teenage males and a 20-year-old woman suspected of involvement in earlier attacks on Marks & Spencer, the Co-op and Harrods—part of a series of incidents security analysts link to the same group now stalking global airlines.