This podcast discussion provides a comprehensive overview of the Qantas data breach that occurred in July 2025, which compromised approximately 5.7 to 6 million customer records through the exploitation of a third-party customer service platform. Several sources confirm that the attack was attributed to the threat actor group Scattered Spider and involved social engineering tactics like Multi-Factor Authentication (MFA) bypass and targeting call center personnel. This incident underscores the critical importance of supply chain risk management and has spurred legal and regulatory fallout, including the launch of a representative class action lawsuit by Maurice Blackburn and parallel inquiries by Australian regulators like the Office of the Australian Information Commissioner (OAIC). The reports also place this event within the broader context of aviation sector cybersecurity priorities, noting the increased focus on governance, identity management, and vulnerability patching, as detailed in CISO industry reports.