Qantas suffers ‘significant’ cyber incident with six million customer details stolen

Qantas has confirmed a major cyber incident involving a third-party platform, potentially compromising the personal data of up to six million customers in what is being described as a ‘significant’ breach.

The airline said it detected unusual activity on a third-party platform used by a Qantas contact centre on 1 July and took immediate steps to contain the system.

Within the affected the platform were service records from six million customers. While the airline said it is continuing to investigate the proportion of data that was stolen, it expects the amount to be “significant”.

An initial review of the data showed customers’ names, email addresses, phone numbers, birth dates, and frequent flyer numbers were included.

However, credit card details, personal financial information and passport details are not contained in the system. Additionally, no frequent flyer accounts were compromised and no password, PIN and log in details were accessed.

Qantas also stated that all its systems remain secure and there is no impact to its operations or safety of the airline itself.

Qantas Group CEO Vanessa Hudson said the airline is working closely with the Federal government’s National Cyber Security Coordinator, the Australian Cyber Security Centre, and independent specialised cyber security experts.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” she said.

“We are contacting our customers today and our focus is on providing them with the necessary support.”