Qantas Hit by Cybersecurity Incident, Impacting Up to 6 Million Customers
Qantas has confirmed a significant cybersecurity breach that may have compromised the personal records of as many as 6 million customers.
The airline stated on Wednesday that the affected system, a third-party platform used by its customer service center, has since been secured. While the breach involved customer data—including names, email addresses, phone numbers, birth dates, and frequent flyer numbers—it did not extend to credit card details, financial records, or passport information. Frequent flyer accounts, along with passwords and login credentials, were also unaffected.
The unusual activity was first detected on Monday, prompting immediate action to contain the issue. Qantas is currently assessing the extent of the data compromise but anticipates it to be substantial.
The airline has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police. CEO Vanessa Hudson confirmed that independent cybersecurity experts have been engaged to investigate the incident. Customers will receive updates via a dedicated support line and a website page as the investigation unfolds.
"We deeply regret the concern this situation may cause our customers," Hudson said. "Protecting their personal data is a responsibility we take very seriously. We are reaching out to customers today to provide them with the necessary assistance."
Cybersecurity incidents continue to rise in Australia. Earlier this year, multiple superannuation funds experienced breaches, leading to over $500,000 being stolen from customers’ accounts.
In May, the Office of the Australian Information Commissioner reported a 25% increase in data breaches during 2024 compared to the previous year. Between July and December 2024 alone, 595 breaches were recorded, bringing the annual total to 1,113—a significant jump from 2023's 893 incidents.
A majority of the breaches stemmed from malicious or criminal activity, with phishing accounting for 34% of cases and ransomware making up 24%. Most incidents impacted fewer than 5,000 individuals, though two breaches affected between 500,000 and 1 million people. The compromised data primarily included contact details, identification records, and financial or health information.
The healthcare sector reported the highest number of breaches (121), followed by government (100), finance (54), legal and accounting (36), and retail (34).
Read next
Climate activists criticize Shell for profiting from Iran conflict windfall
Shell announced stronger‑than‑anticipated earnings of $6.9 billion (£5 billion) after its oil‑trading arm profited from surging energy prices amid the Iran conflict, drawing criticism from climate activists.
Rising oil and gas prices during the Middle East turmoil enabled Europe’s largest oil and gas producer to
Jet Fuel Shortage Could Ground Travel, Reshape Vacations and History
What would happen to flights if the world exhausted its oil supply? Clearly, they would be grounded. More pointedly, could airlines simply run out of aviation fuel if the Iran conflict persists and the Strait of Hormuz stays closed?
This question has never arisen before. Air travel has faced unexpected
Ryanair CEO urges ban on early airport drinks amid rising misbehaviour
A bleary‑eyed pint at an airport bar before an early morning flight may become a thing of the past if Ryanair’s boss, Michael O’Leary, gets his way.
The airline’s chief executive, no stranger to controversy, has argued that airports should be barred from serving alcohol to