Qantas penalizes executives for July cyberattack

Senior leaders at Australian airline Qantas have had their annual bonuses reduced by 15% following a cyberattack in July that caused a range of issues for the company. 

In its latest earnings report, the company reported a profit of $1.5 billion in the last fiscal year. But in the report, Qantas Group Chairman John Mullen said the company had to acknowledge the impact of the cyber incident — which exposed the information of 5.7 million people.

“While management took immediate action to contain the breach, support customers and put additional protections in place, in recognition of the seriousness of the incident, we decided to reduce 2024/25 short term bonuses by 15 percentage points for the CEO and Executive Management,” Mullen said. 

Qantas explained that this equals a $250,000 reduction in pay for Qantas Group CEO Vanessa Hudson. 

Mullen added that the penalty “reflects their shared accountability, while acknowledging the ongoing efforts to support customers and put in place additional protections for customers.”

In its annual report, Qantas said it is observing increasing social engineering threats and is incorporating what it learned from the cyber incident in its risk management framework. 

A forensic investigation into the incident is still ongoing, but Qantas previously said 2.8 million customers had names, email addresses and Qantas Frequent Flyer numbers leaked. At least 1.7 million other customers had some combination of that information and either home addresses, dates of birth, phone numbers, meal preferences or genders exposed. 

No credit cards or passport details were leaked, the advisory said. The information stolen is not enough to breach Qantas Frequent Flyer accounts, the company added.

The attack on Qantas occurred as cybersecurity experts and federal law enforcement agencies warned of a campaign targeting the airline industry by members of the Scattered Spider cybercriminal group. 

Hackers claiming to have affiliation with a related group called ShinyHunters took credit for the attacks, which allegedly involved the exploitation of platforms and systems connected to Salesforce.