Qantas Data Breach Exposes Personal Info of Up to Six Million Customers

Qantas has confirmed a significant data breach after detecting “unusual activity” on a third-party customer service platform used by its contact centre. The breach may have exposed personal details of up to six million customers, including names, phone numbers, email addresses, birth dates, and frequent flyer numbers. The breach was identified on 30 June, and Qantas says it took immediate action to contain the system. While an investigation is still ongoing, the airline expects a “significant” amount of data was accessed. Importantly, no passwords, PINs, passport numbers, or financial information such as credit card details were stored in the affected system.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” said Qantas Group CEO Vanessa Hudson, urging affected customers to contact a dedicated support line.

Qantas has notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner. The breach follows a warning issued by the FBI about cyber attacks targeting airlines, specifically naming the hacker group Scattered Spider. The same group is suspected to be behind recent breaches affecting Hawaiian Airlines, Canada's WestJet, and several UK retailers, including M&S. Despite the scale of the breach, Qantas says there will be no impact on flight operations or airline safety. The incident adds to growing concerns about cyber security in the aviation sector, with industry experts calling for urgent action to protect passenger data across global carriers.