Qantas cyber attack affects up to six million customer records

Qantas has confirmed a cyber incident involving a third-party call centre platform that may have compromised personal data from up to six million customer records.

The airline said the breach occurred when a cyber criminal gained unauthorised access to the system used by one of its contact centres. Qantas became aware of the issue on Monday, 30 June, and took immediate action to contain the breach. The platform is now secure, and Qantas systems remain unaffected.

Which data was compromised

An initial investigation suggests the compromised data includes customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

Importantly, Qantas stated that no passwords, financial information, passport details or frequent flyer accounts were accessed.

Vanessa Hudson, Qantas Group Chief Executive Officer, apologised for the breach: “We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.”

Regulations around data security

The incident again highlights the growing regulatory scrutiny around email database security, particularly when customer information is handled by third-party vendors.

Under the Australian Privacy Act, businesses are required to take reasonable steps to protect personal data, even when outsourced.

This includes ensuring secure transmission, storage, and access to personal information such as email addresses, which can be used for phishing or identity theft.

Qantas has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police, and is working with specialised cyber security experts and the Federal Government’s National Cyber Security Coordinator.

What to do if affected

The airline has launched a dedicated customer support line and an information page on its website. Customers with concerns can call 1800 971 541 (AU) or +61 2 8028 0534 (international), with access to specialist identity protection advice available.

While the investigation continues, Qantas is implementing additional security measures to monitor and detect unusual activity and limit further risk. Updates will be shared via qantas.com and the airline’s social media channels.

Qantas reiterated that there is no impact on flight operations and no action is required from customers with upcoming travel plans.

More information and updates can be found at qantas.com.