In early July 2025, Qantas—a household name in Australian aviation—fell victim to a disturbing cyber incident. The airline discovered unusual activity in a third-party platform used by its contact centre and immediately initiated containment measures. But that was only the beginning.
Qantas later revealed that cybercriminals used AI to impersonate a Qantas employee, tricking a call-centre operator in Manila. Via this deception, the attackers accessed the system and downloaded personal data belonging to millions of customers. The hackers then demanded a response within 72 hours.
Court documents disclosed that on 4 July, Qantas received at least three heavily redacted emails from the attackers. These emails included samples of the stolen data—names, email addresses, phone numbers, dates of birth, Frequent Flyer numbers—and concluded with a 72-hour deadline for reply.
Between 5.7 and 6 million customer records were affected. Fortunately, no sensitive credentials—such as passwords, PINs, credit-card or passport data—were compromised, thanks to Qantas’s segregated database structure. Affected data, depending on the individual record, may have included emails, Frequent Flyer tier and points, addresses, phone numbers, birth dates—and even, in rare cases, meal preferences.
Qantas took immediate action by isolating the impacted system, securing an injunction to prevent data publication, and providing a dedicated support line for affected customers. Authorities including the Australian Cyber Security Centre, the National Cyber Security Coordinator, the Australian Federal Police, and independent cybersecurity experts became involved. CEO Vanessa Hudson apologised, emphasised system segmentation, and vowed to review offshore call centre vulnerabilities.
Qantas’s experience underscores a hard truth for modern organisations—detection and response alone are not sufficient. By the time a threat is detected, attackers may already have moved laterally or exfiltrated data. What matters more is stopping the attack in its tracks.
AppGuard flips the paradigm. Rather than waiting to detect threats, it blocks malicious activity at the source—by isolating and containing threats before they can breach sensitive systems. With over a decade of proven endpoint protection success, AppGuard has demonstrated that prevention is far more effective than reaction.
Proactive Defense Beats Damage Control
Qantas’s breach could have been far worse if the hackers had accessed deeper, more sensitive systems. AppGuard’s containment-first strategy helps prevent such escalation.
Third-Party Risk Is Business Risk
Many organisations rely on shared platforms or outsource critical operations. That dependency becomes a vulnerability unless isolated effectively. AppGuard controls the endpoints, regardless of platform risks.
Complex Threats Use Social Engineering
The attack began with AI-enabled impersonation and a phishing interaction. Traditional detection—which often relies on known signatures—struggles to catch these dynamic threats. AppGuard doesn’t rely on threat signatures, but instead on ensuring untrusted behavior is contained.
Qantas’s 72-hour deadline wasn’t just a headline—it was a warning. Modern threats will always outpace traditional detection tools. For business owners, it’s time to pivot from playing defense after the fact to enforcing isolation before threats materialise.
If you’re a business owner concerned about endpoint security, let’s talk. At CHIPS, we believe that Detect and Respond is passé. It’s time for Isolation and Containment. Reach out to us today to learn how AppGuard—a 10-year proven endpoint protection solution—is available now for commercial use. Protect your organisation before hackers strike.
Interested in safeguarding your infrastructure with AppGuard? Contact CHIPS now and move your defense from reactive to proactive.