
Qantas has now confirmed that 5.7 million unique customers were affected by the recent cyberattack on one of its contact centers, with compromised data including personally identifiable information and other sensitive details.
The airline is now directly contacting impacted individuals, offering tailored guidance and access to identity protection resources.
The breach, first disclosed by Qantas on July 2, stemmed from unauthorized access to a third-party customer servicing platform used in its call center operations. The incident was detected on June 30, prompting the airline to isolate the compromised system and begin forensic analysis in collaboration with external cybersecurity experts. Qantas reiterated that no passwords, financial information, passport numbers, or credit card details were stored on the affected system.
According to today's update, of the 5.7 million unique customer records exposed (after removing duplicates), approximately 4 million contained only basic details, such as names, email addresses, and Qantas Frequent Flyer information. A subset of these, estimated to be around 2.8 million, also included frequent flyer numbers, tier status, and in some cases, points balances and status credits. The remaining 1.7 million records held a broader set of personal data, including 1.3 million with residential or business addresses, 1.1 million with birth dates, 900,000 with phone numbers, 400,000 with gender markers, and 10,000 with meal preferences.
Qantas Airways is Australia's flagship carrier and the country's largest airline, boasting a frequent flyer program that encompasses over 14 million members worldwide. The company is one of the oldest continuously operating airlines in the world and serves as a critical part of the nation's transportation and tourism infrastructure.
CEO Vanessa Hudson stated that Qantas has now begun emailing each impacted customer with detailed information about which specific personal data fields were compromised in their case. The company has also launched a 24/7 support hotline providing access to specialist identity protection advice. Hudson reiterated that Qantas is in continuous contact with the Australian Federal Police, the Australian Cyber Security Centre, and the National Cyber Security Coordinator, and has already implemented enhanced cybersecurity measures to prevent recurrence.
The breach has not been publicly attributed to any specific threat actor. Earlier reports, including from Mandiant, pointed to a rise in call center-targeted attacks using social engineering tactics. Groups such as Scattered Spider, which have a history of targeting Australian firms, were cited as relevant examples, but no link to this incident has been established yet.
For now, Qantas advises all customers to remain vigilant for phishing attempts and unsolicited communications purporting to be from the airline. Customers should verify suspicious messages via official Qantas channels, enable two-factor authentication on email and critical accounts, and never share passwords or sensitive login credentials with anyone. For further support, affected individuals are encouraged to consult resources from the Australian Cyber Security Centre, Scamwatch, IDCARE, and the Office of the Australian Information Commissioner.