Qantas Hit by Data Breach Affecting Up to Six Million Customers
Australian airline Qantas has confirmed a cyberattack on a third-party customer service platform that may have compromised the personal information of up to six million individuals.
The breach was detected on June 30, when the airline observed unusual activity on a system used by its contact centre to manage customer data. The exposed information includes names, phone numbers, email addresses, birth dates, and frequent flyer numbers, Qantas said in a statement released Monday.
While the full scope of the breach is still under investigation, the airline has warned that the amount of data accessed is likely to be significant. However, Qantas has reassured customers that sensitive financial information, such as credit card details, passport numbers, and account passwords or PINs, were not stored on the affected system.
The company said it acted swiftly to contain the breach and has since notified federal authorities, including the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC).
“We sincerely apologise to our customers and recognise the uncertainty this will cause,” said Qantas Group CEO Vanessa Hudson. She urged affected individuals to contact a dedicated support line and assured the public that the breach has not impacted flight operations or the safety of the airline.
The incident comes amid a wave of recent cyberattacks targeting the aviation industry. Just days earlier, the FBI issued a warning that the sector is being actively targeted by a cybercriminal group known as Scattered Spider. In the last two weeks, both Hawaiian Airlines and Canada’s WestJet have reported similar breaches, while UK retailers like M&S have also been affected.
This latest attack adds to a growing list of major Australian data breaches in 2025, following incidents involving AustralianSuper and Nine Media earlier this year. According to statistics released in March by the OAIC, 2024 was the worst year on record for data breaches in Australia, with most incidents involving malicious actors.
Australian Privacy Commissioner Carly Kind responded to the breach by calling on both the private and public sectors to strengthen cybersecurity protocols. “The trends we are observing suggest the threat of data breaches is unlikely to diminish,” she warned, urging organisations to adopt proactive data protection measures.
Qantas says it will continue to work closely with investigators and cybersecurity experts as it assesses the damage and reinforces its systems.
