In June, Qantas became the latest high-profile airline to suffer a cyber attack, with the personal data of up to six million customers exposed via a third-party platform used by one of its offshore contact centres.
Tim Taylor
While no passwords or financial data were accessed, the breach revealed names, phone numbers, dates of birth, and frequent flyer numbers – raising serious concerns about vendor security and the unseen risks within everyday business systems.
The breach didn’t come through Qantas’s core systems. It came through an external vendor. This distinction is critical. Many businesses, especially in regions like the Bay of Plenty and Waikato, assume that securing their internal systems is enough. It’s not.
Every tool you use – whether for customer support, data storage, or document management – is a potential entry point for attackers if not properly secured. Cybercriminals now target the weakest link in your supply chain, not just your network.
Why this should concern all New Zealand businesses
You don’t need to be Qantas to be at risk. Small to medium enterprises are often seen as easier targets, with fewer resources and less formal cyber protection in place. If your systems connect to the cloud, use third-party apps, or store sensitive client data, you’re vulnerable.
More than ever, cybersecurity is not just a technical issue. It’s a strategic one. It affects customer trust, business continuity, and even your reputation.
A single breach can trigger regulatory investigations, legal costs, and long-term reputational damage.
What you can do now
At Aviation IT, we work with aviation operators and SMEs across New Zealand and Australia. Here are five proactive steps we recommend:
Audit all third-party platforms you use. Know who has access to your data and whether they meet NZ cybersecurity standards.
Enforce multi-factor authentication (MFA) across every user and system, including remote tools.
Educate your team. Most breaches start with a phishing email. A well-trained team is your first line of defence.
Have a clear incident response plan. Know who will act – and how – if something goes wrong.
Monitor everything. Real-time monitoring tools can flag unusual activity before it escalates.
Hand and warning caution 404 page not found error system or problem computer network or firewall protection for cyber threat attack security risk alert hacker or cybercrime safety or virus prevent. Photo: Supplied.
Closing thoughts
In aviation, we treat safety as non-negotiable.
Cybersecurity should be no different. Whether you’re running a charter operation, a law firm, or a growing trades business, the Qantas incident reminds us all: you can’t outsource responsibility for data security.
At Aviation IT, we make it our mission to help businesses soar with confidence. Let’s make cybersecurity part of your flight plan.
Soaring to new heights in I.T.
Experience better I.T.
- Tim Taylor is the Managing Director at Aviation IT, based in the Bay of Plenty. He can be contacted on
