Qantas Airways has confirmed a major data breach affecting up to six million customer profiles, following a cyberattack targeting a third-party platform used by its customer service contact centre.
The breach, detected on 30 June, involved “unusual activity” on a system storing customer information including names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Qantas said it acted swiftly to contain the system and has launched an investigation into the scale of the intrusion.
In a statement, the airline assured customers that passport details, credit card numbers, and financial information were not stored on the compromised platform, and no frequent flyer account passwords or PINs had been exposed.
“We sincerely apologise to our customers and recognise the uncertainty this will cause,” said Qantas Group CEO Vanessa Hudson, urging affected individuals to contact a dedicated support line with any concerns. She added that flight operations and safety remain unaffected.
Qantas has reported the incident to the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC).
The cyberattack comes just days after the FBI warned that airline companies were being targeted by cybercriminal group Scattered Spider. Similar attacks have recently hit Hawaiian Airlines and Canada’s WestJet, and the group is also being investigated for breaches involving major UK retailers such as Marks & Spencer.
The Qantas incident is the latest in a growing list of significant Australian data breaches in 2025, following recent attacks on AustralianSuper and Nine Media. Earlier this year, the OAIC revealed that 2024 was Australia’s worst year on record for data breaches.
Australian Privacy Commissioner Carly Kind described the trends as alarming, warning that the threat posed by malicious actors “is unlikely to diminish.” She called on businesses and government agencies to enhance their data security frameworks urgently.
Qantas is continuing to assess the extent of the breach and has committed to providing updates as new information becomes available.
Written By Rodney Mbua
