https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident

Qantas has disclosed a significant cyber incident that potentially exposed the personal data of up to six million customers after cybercriminals targeted one of the airline’s call centres and gained unauthorized access to a third-party customer servicing platform. The breach occurred when a cybercriminal targeted a call centre and accessed a third-party customer servicing platform, with the airline detecting unusual activity on Monday before containing the incident. Names, email addresses, phone numbers, birth dates stolen in what the airline describes as a “significant” data theft affecting customer service records dating back several years.

According to Qantas, the breach has been contained and there is “no impact” on the airline’s operations or safety, though the company acknowledges that a substantial amount of customer data may have been compromised during the attack. The incident represents one of the largest data breaches in Australian aviation history, affecting the personal information of millions of frequent flyers and customers who have interacted with Qantas customer service over recent years. The airline has begun notifying affected customers and is working with cybersecurity experts and law enforcement agencies to investigate the full scope of the breach.

The Qantas cyber incident adds to a growing list of major data breaches affecting Australian companies and highlights the vulnerability of third-party platforms used by large corporations for customer service operations. With the aviation industry increasingly reliant on digital platforms for customer interactions, the breach underscores the critical importance of robust cybersecurity measures across all service providers in the supply chain. Qantas has assured customers that flight operations and safety systems remain unaffected, but the incident raises serious concerns about the protection of personal data in an era where customer service platforms contain vast repositories of sensitive information spanning multiple years of customer interactions.