Why data availability became aviation’s weakest link — and how Firevault makes breaches irrelevant by design.
Just days before Australia’s national airline Qantas was breached, the FBI issued a formal alert warning of an imminent campaign by Scattered Spider — a cybercriminal group known for infiltrating major infrastructure and aviation brands. The warning was clear. The target profile was known. But still, the breach came.
Qantas disclosed that internal systems were disrupted in an attack that bore all the hallmarks of Scattered Spider’s well-practised method: SIM-swapping, social engineering, and credential hijacking. Booking platforms were affected. Internal comms systems went offline. Investigation protocols were triggered. And while Qantas maintains that no customer data has yet been confirmed compromised, the silence in the days ahead will speak volumes.
The incident reveals something larger than a single breach: a persistent design flaw in how aviation — and many other critical industries — treat their most sensitive data. The assumption that everything needs to stay online. All the time.
When Data Is Always Available, It’s Always Vulnerable
Qantas was not targeted because it was weak. It was targeted because it was connected.
Like many modern airlines, Qantas operates a sprawling web of platforms that handle flight data, customer ID, financial operations, supplier contracts, employee records, and more — all in real time. This infrastructure is efficient, but it’s also fragile. Because when you expose everything for speed, you expose everything to risk.
According to the 2025 Accenture Aviation Cyber Risk Review:
- 92% of aviation firms store high-risk data (e.g., ID records, HR cases, contracts) on network-accessible systems
- 68% have no physical or offline data segmentation strategy in place
- Only 11% use vaulting or air-gapped controls for sensitive compliance files
The design problem isn’t new. But what’s changed is that threat actors now know how — and where — to take advantage of it.
“The Qantas breach wasn’t a failure of tools. It was a failure of containment. The data was left online, waiting to be found.”
— Mark Fermor, Co-Founder, Firevault
A Familiar Adversary Exploiting Familiar Weaknesses
Scattered Spider (also known as UNC3944 or Muddled Libra) has become infamous for targeting English-speaking enterprises with sprawling digital environments. Their focus is high-stakes data. Their method is credential-based access. Their success comes from one thing: availability.
In previous breaches — including those at MGM, Caesars, and multiple U.S. telecoms — they didn’t bypass firewalls. They bypassed the process. The same appears to be true in the Qantas case.
By the time the FBI issued its alert, it was already too late.
What Should Never Have Been Online
What makes this breach more damaging is the likelihood that highly sensitive documents were exposed not because of negligence, but because they were kept on systems designed to stay live.
These may include:
- Crew and employee identity files
- Passport and payment data tied to frequent flyer accounts
- Internal HR records, investigations, and disciplinary documents
- Legal correspondence and board-level strategy papers
- Audit logs, supplier pricing, and compliance disclosures
These documents do not need persistent access. Yet in many airlines, they’re stored on network-connected drives or cloud-based systems, where they’re discoverable — even by adversaries with a single compromised credential.
“If a document can cost you your reputation, your regulatory status, or your share price — it should not live online.”
— Firevault, Q2 2025
Firevault: What Disconnection Makes Possible
This is the precise use case Firevault was built for. Not to detect breaches, or encrypt what’s already exposed — but to remove high-impact data from exposure altogether.
Firevault is a vaulting platform, offline by design, that secures sensitive files in a physically offline custody environment. No IP address. No remote sync. No user-driven error paths.
What goes into a Firevault:
- Legal and regulatory documents
- Identity records (passports, staff credentials)
- Executive strategies and risk plans
- Internal investigations and HR cases
- Whistleblower logs, board correspondence, and litigation files
These are not records that need to be touched daily. But they are the records that attackers target first.
“Firevault doesn’t stop a breach. It makes the breach irrelevant by removing the prize.”
— Mark Fermor, Firevault
A Strategic Rethink for Aviation and Critical Infrastructure
In light of this breach, aviation CISOs and executives must reconsider their foundational assumptions:
- Does every file need to be available 24/7?
- Are we creating exposure simply because no one has said “disconnect it”?
- What happens if the breach isn’t stopped in time?
- What if the goal isn’t detection, but disappearance?
Firevault doesn’t sit on your network. It sits outside it, reachable only by verified, permissioned users through physically secured channels. It turns the “always-on” threat model into a “never-there” strategy.
This isn’t theoretical. It’s now a proven differentiator.
What This Breach Should Change — Immediately
For boards and CROs, this incident should mark a turning point. The cyber risk conversation is no longer just about phishing, patching, and posture. It’s about presence.
If attackers can reach the data, they will.
If they can’t see it, they can’t touch it.
That’s the disconnection principle Firevault enforces. It’s simple:
If you wouldn’t leave it on a USB in a public café, don’t leave it online.
The Takeaway: Live Files Invite Live Threats
The Qantas breach was not caused by a bug or an employee mistake. It was caused by an architectural belief — that convenience, speed, and access were more important than custody and containment.
Firevault was built to challenge that belief.
Because once the breach begins, only the data you’ve removed from reach will survive intact.
References
- The Guardian – Qantas Confirms Cyberattack
- ABC News – FBI Warning Before Breach
- ZDNet – Scattered Spider Targeting Tier 1 Brands
- Accenture – 2025 Aviation Cyber Resilience Review
- Cybersecurity Dive – Offline Vaulting Market Emerges
Firevault: The data they can’t see is the data they can’t steal.
👉 www.fire-vault.com





