Qantas has confirmed a cyber incident impacting one of its airline contact centres, exposing customer data stored on a third-party platform.

On Monday, the airline detected unusual activity and immediately contained the system, ensuring that all Qantas systems remain secure. The breach was isolated to a third-party customer servicing platform targeted by a cybercriminal.

Why it matters?

The incident affects millions of Qantas customers and undermines trust in how personal information is handled.

While flight operations and airline safety are not impacted, the compromise of personal data, including names, emails, phone numbers, birth dates, and Frequent Flyer numbers, can create distress and pose identity risks for affected individuals. Qantas Group CEO Vanessa Hudson acknowledged the seriousness, saying:

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.”

Local Impact

The breach affects approximately six million customers with service records in the compromised platform, many of whom reside across Australia.

Qantas is contacting customers directly to offer support and provide advice on identity protection. Customers are urged to remain vigilant, though credit card details, personal financial information, and passport details were not stored in the compromised system.

By the Numbers

• 6 million: Customers with service records in the affected platform.

• 0: Number of Frequent Flyer accounts, passwords, PINs, or login details compromised.

• 2: Dedicated customer support lines established for local and international assistance : 1800 971 541 and +61 2 8028 0534.

Zoom In

Qantas’ immediate containment efforts successfully secured its core systems. The airline is working closely with government agencies, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, to investigate and respond to the incident. Vanessa Hudson assured customers:

“We are contacting our customers today and our focus is on providing them with the necessary support.”
Additionally, Qantas is putting in place extra security measures to strengthen system monitoring and detection.

Zoom Out

This breach underscores the growing risk of cyber incidents targeting third-party service providers across various industries. As companies rely on external platforms, vulnerabilities outside core systems can still expose large volumes of sensitive customer data. The incident also demonstrates the importance of swift containment, transparent communication, and collaboration with government agencies to protect affected individuals.

What to Look for Next?
Qantas has notified the Australian Federal Police due to the criminal nature of the attack and will continue cooperating with authorities. Customers can expect direct communication from Qantas about any potential compromise of their data. The airline will share updates on qantas.com and its social channels as investigations progress. Vanessa Hudson confirmed ongoing engagement with the National Cyber Security Coordinator and cybersecurity experts to safeguard customer information moving forward.

For assistance, customers should contact Qantas’ dedicated support line or visit the information page on the airline’s website. Those with upcoming travel do not need to take any action, as bookings remain unaffected and can be managed through the Qantas App or website.