Largest ASX 50 breach since Medibank exposes hidden risk in Australia's digital supply chain

Rich Atkinson
July 2, 2025

Today’s news that Qantas has had the details of 6 million customers breached through an external call centre platform is appalling, of course.

Unfortunately, it also reveals a fundamental flaw in how Australia's largest corporations manage their digital supply chains, with third-party platforms creating uncontrolled risk exposure that could reshape enterprise security strategies.

Despite Qantas confirming "all Qantas systems remain secure," the breach originated from a third-party contact centre platform, highlighting how market leaders can maintain perfect internal security yet still suffer massive data compromises through external dependencies.

This is the new reality of enterprise risk: your security is only as strong as your weakest vendor. Qantas did everything right on their end, but they're still facing a crisis because they couldn't control what happened in someone else's system.

The pattern is concerning:

  • 2025: Qantas had the details of 6 million customers breached through a third-party platform used by the Qantas contact centre.
  • 2023: Latitude Financial had the details of 14 million customers stolen after an attack on a third party.
  • 2022: Woolworths subsidiary MyDeal suffered a CRM breach affecting 2.2 million customers.
  • 2022: Medibank faced similar third-party vulnerabilities affecting 9.7 million customers.

That uncertainty is the real problem.

When you don't have direct visibility into third-party systems, you can't give customers definitive answers about what happened to their data.

You're essentially asking customers to trust you about systems you don't fully control.

Market leaders like Qantas become high-value targets precisely because of their scale and reliance on multiple third-party integrations, particularly customer relationship management systems.

The question isn't whether these attacks will happen; it's whether businesses can respond with complete transparency. That requires either bringing critical systems like CRMs in-house or working with local vendors who provide full visibility into their security architecture.

When you're dealing with millions of customer records, you need partners with proven security frameworks, not just promises.
