Qantas informs customers after cyberattack – data security assurance
Australian airline Qantas is contacting affected customers following a cyberattack on its third-party customer service platform.
On June 30, suspicious activity was detected on a service platform used by the company. The platform stored information on approximately six million people — including names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
The company said in an official statement that it took immediate action and secured the system after discovering the breach. However, the company is still investigating the extent of the data stolen in the attack. However, the company estimates that the amount of data stolen could be “significant.”
Qantas has clarified that passport details, credit card information, and personal financial information were not affected. It also assured that frequent flyer accounts, passwords, or PIN numbers were not compromised.
Qantas has reported the breach to the Australian Federal Police, the Australian Cyber Security Centre and the Australian Information Commissioner’s Office.
“We sincerely apologise for the inconvenience this has caused our customers. We appreciate the confusion this has caused them,” said Qantas Group CEO Vanessa Hudson.
She said the incident had no impact on Qantas operations or airline safety. She advised that if anyone had any concerns, they could contact a dedicated support helpline.
The attack follows a recent FBI warning about a cybercriminal group called “Scattered Spider” targeting the aviation sector. US-based Hawaiian Airlines and Canada-based WestJet have also been hit by similar cyberattacks in recent weeks.
The incident is the latest in a series of data breaches in Australia in 2024. Companies such as Australian Super and Nine Media have also suffered significant data breaches in recent months.
In March 2025, the Office of the Australian Information Commissioner (OAIC) released figures, saying that 2024 was the worst year for data breaches since records began in 2018.
“The latest trends we are seeing suggest that the risk of data breaches is increasing due to the efforts of malicious actors,” said OAIC Commissioner Ms Carly Kind.
She called on government agencies and businesses to take stricter data protection measures. She warned that the public sector, as well as the private sector, could become targets for cyberattacks.