Qantas is reaching out to customers following a cyber attack on their third-party customer service platform.
The Australian airline detected “unusual activity” on a platform used by their contact center to store the information of six million individuals, including names, email addresses, phone numbers, birth dates, and frequent flyer numbers on June 30.
Upon discovering the breach, Qantas immediately took action to contain the system, according to a statement.
The company is currently investigating the extent of the breach, but believes that a significant amount of data was stolen.
Qantas has reassured the public that the breached system did not contain passport details, credit card information, or personal financial data, and that frequent flyer accounts, passwords, and PIN numbers were not compromised.
The airline has reported the breach to the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner.
Qantas Group CEO Vanessa Hudson apologized to customers for the breach and encouraged anyone with concerns to contact the dedicated support line. She also confirmed that the breach will not impact the airline’s operations or safety.
This attack comes shortly after the FBI issued a warning that the airline industry was being targeted by the cyber criminal group Scattered Spider.
Similar attacks have recently affected US-based Hawaiian Airlines and Canada’s WestJet.
BBC reported that Scattered Spider is also under investigation for a series of cyber attacks on UK retailers, including M&S.
The Qantas breach is the latest in a string of data breaches in Australia this year, with AustralianSuper and Nine Media experiencing significant leaks in the past few months.
In March 2025, the Office of the Australian Information Commissioner (OAIC) released statistics showing that 2024 had the highest number of data breaches in Australia since records began in 2018.
Australian Privacy Commissioner Carly Kind stated that the current trends suggest that the threat of data breaches, especially from malicious actors, is not likely to decrease. She urged businesses and government agencies to enhance their security measures and data protection, emphasizing that both the private and public sectors are vulnerable to cyber attacks.