Qantas Airways has begun contacting affected customers after a cyber attack compromised data from its third-party customer service platform, impacting up to six million individuals.
The Australian airline said it detected “unusual activity” on 30 June on a platform used by its contact centre to manage customer interactions. The platform, operated by an external provider, held personal information such as names, phone numbers, email addresses, dates of birth, and frequent flyer membership numbers.
Qantas promptly responded to the breach, taking what it described as “immediate steps” to contain the affected system. The company has launched an ongoing investigation to determine the full extent of the breach. While the number of individuals affected is still being confirmed, the airline admitted that the volume of compromised data is expected to be “significant.”
Reassuring customers, Qantas stated that sensitive financial information such as credit card numbers, passport details, and banking credentials were not stored on the breached system. The company also confirmed that no frequent flyer account passwords or PINs were compromised.
Qantas has notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC) of the breach. The company is offering a dedicated support line for customers with concerns.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” said Vanessa Hudson, CEO of Qantas Group. She also confirmed that airline operations and safety remain unaffected.
This latest breach follows a series of high-profile cyber incidents in Australia, including those affecting AustralianSuper and Nine Media earlier this year. The OAIC reported in March 2025 that 2024 was the worst year on record for data breaches in Australia since it began monitoring in 2018.
Australian Privacy Commissioner Carly Kind commented that the threat landscape remains severe, particularly with persistent efforts by malicious actors. She called on both public and private entities to strengthen cybersecurity frameworks and improve data protection practices.
As cyber threats grow increasingly common, the Qantas breach underscores the urgent need for heightened vigilance and robust digital defences across industries.