Explore all our services
Design services
Discovery & research
Journey mapping
Prototyping
Accessibility
UX & UI design
Development services
Front-end development
Back-end development
Website development
Mobile development
Delivery services
Project management
Testing & auditing
Support & maintenance
See our live solutions
Solutions
Service finder software
Booking software
Learning management software
Web portal software
Member service portals
Packages
Digital assurance
Idea to prototype
Idea to version one
Technologies
AWS
Node JS
Payload CMS
Python and Django
React JS
+ many more
Read our case studies
Industries
Healthcare
Education
Government
Finance
Arts & recreation
Media & technology
Professional services
Recent client projects
Hunter Health
Macquarie University
Service NSW
Westpac
Museums of History NSW
Val Morgan
Ark
Business sizes
Startups
SMEs
Enterprise
Learn more about us
Explore our careers
Meet the team
How we work
The business of AI in 2025
Latest blog posts
Largest ASX 50 breach since Medibank exposes hidden risk in Australia's digital supply chain
What I learned from 35 honest conversations about Airteam
Beyond SaaS: Is it time to build instead of buy?
A skills-oriented approach to hiring developers
How I’ve been using Payload CMS to build better web apps
Development
3
min read

Largest ASX 50 breach since Medibank exposes hidden risk in Australia's digital supply chain

Rich Atkinson
July 2, 2025
Qantas Airline Cyber Attack

Today’s news that Qantas has had the details of 6 million customers breached through an external call centre platform is appalling, of course.

Unfortunately, it also reveals a fundamental flaw in how Australia's largest corporations manage their digital supply chains, with third-party platforms creating uncontrolled risk exposure that could reshape enterprise security strategies.

Despite Qantas confirming "all Qantas systems remain secure," the breach originated from a third-party contact centre platform, highlighting how market leaders can maintain perfect internal security yet still suffer massive data compromises through external dependencies.

This is the new reality of enterprise risk: your security is only as strong as your weakest vendor. Qantas did everything right on their end, but they're still facing a crisis because they couldn't control what happened in someone else's system.

The pattern is concerning:

  • 2025: Qantas data breach of 6 million customers through a third party platform used by Qantas contact centre.
  • 2023: Latitude Financial: 14 million customers stolen after attack on a third party.
  • 2022: Woolworths subsidiary MyDeal suffered a CRM breach affecting 2.2 million customers.
  • 2022: Medibank faced similar third-party vulnerabilities affecting 9.7 million customers the same year.

That uncertainty is the real problem.

When you don't have direct visibility into third-party systems, you can't give customers definitive answers about what happened to their data.

You're essentially asking customers to trust you about systems you don't fully control.

Market leaders like Qantas become high-value targets precisely because of their scale and reliance on multiple third-party integrations, particularly customer relationship management systems.

The question isn't whether these attacks will happen, it's whether businesses can respond with complete transparency. That requires either bringing critical systems like CRMs in-house or working with local vendors who provide full visibility into their security architecture.

When you're dealing with millions of customer records, you need partners with proven security frameworks, not just promises.

Share this post
Rich Atkinson
Rich Atkinson
Executive Director, Technology

Related posts

Patrick working on a brainstorming project.
Culture
5
min read

What I learned from 35 honest conversations about Airteam

After 35 honest conversations with clients, prospects and partners, I walked away with a clearer picture of how people see Airteam and the value they’re looking for.
Patrick Goffin
June 5, 2025
Airteam offsite working on the desk
Culture
6
min read

Beyond SaaS: Is it time to build instead of buy?

After eight years of building custom software, I still get asked: “What kind of software do you build?” This blog unpacks how I answer that.
Patrick Goffin
May 27, 2025
Developer working on a laptop
Culture
5
min read

A skills-oriented approach to hiring developers

We’ve moved away from “bring your own code” interviews and introduced peer programming and tailored take-home challenges that reflect how we actually work.
Laura Zucchetti
April 15, 2025
View all
The Airteam logo.

Australia's trusted software development partner

Suite 209/56 Bowman St, Pyrmont, NSW 2009
hello@airteam.com.au
We acknowledge the Traditional Owners of Country throughout Australia and recognise their continuing connection to land, waters and culture. We pay our respects to their elders past, present and emerging.
ServicesCase StudiesDMS
TeamCareersArticlesContact
AWS Select Consulting Partner badge.Luma Institute certificationISO 27001 certification for software development companyISO 9001 certification for software development companyGoogle 4.9 Stars BadgeGood Design Award Badge
© Airteam 2025
ABN: 52 613 107 618
Privacy Statement