Qantas has begun notifying customers after a cyberattack targeted a third-party customer service platform used by the airline, potentially compromising the personal data of up to six million individuals.
In a statement issued on Tuesday, Qantas said it detected “unusual activity” on 30 June within a platform employed by its contact centre. The system stores customer information including names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
The airline said it took “immediate steps and contained the system” following the breach. While the full extent of the compromise is still under investigation, Qantas acknowledged the proportion of affected data is expected to be “significant.”
Importantly, Qantas reassured customers that sensitive financial details such as credit card information, passport numbers, and personal banking data were not stored on the breached platform. It also confirmed that frequent flyer passwords and PINs were not accessed, and no accounts had been compromised.
Qantas has informed the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC) about the incident. The company has also set up a dedicated support line to assist affected customers.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” said Qantas Group CEO Vanessa Hudson. She stressed that the cyberattack would not affect airline operations or passenger safety.
The breach comes shortly after the U.S. Federal Bureau of Investigation (FBI) issued a warning about rising cyber threats targeting the aviation sector. A cybercriminal group known as Scattered Spider has been linked to several recent attacks, including those affecting Hawaiian Airlines, Canada’s WestJet, and UK retailers such as Marks & Spencer.
The Qantas incident adds to a growing list of high-profile breaches in Australia this year. AustralianSuper and Nine Media have both experienced major data leaks in recent months, heightening concerns over digital security standards.
In March, the OAIC reported that 2024 was Australia’s worst year for data breaches since it began tracking them in 2018. “The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish,” said Australian Privacy Commissioner Carly Kind in a recent statement.
Kind urged both private companies and government entities to invest in stronger cybersecurity infrastructure, warning that all sectors remain vulnerable to digital threats.
Qantas said it will continue to update customers as its investigation progresses.
Dargslan.com is a digital platform featuring a wide collection of niche IT books and practical guides. Covering topics such as Linux, system administration, programming, and emerging technologies, it serves as a valuable resource for learners and professionals who want to expand their technical knowledge.
