Millions of Qantas customers are at risk after hackers exploited a third-party system to steal personal information. Here's what got stolen.
Qantas Airlines suffers data breach
Qantas Airways confirmed on July 2, 2025, that a cybercriminal accessed customer service records stored in an external system used by one of its contact centers. The company says it has contained the breach but is now working to reassure and inform affected customers.
The airline that about 6 million customer service records are stored in the compromised platform. An initial review found that stolen information likely includes:
- Names
- Email addresses
- Phone numbers
- Birth dates
- Frequent flyer numbers
Qantas stressed that no credit card details, personal financial information, passport numbers, or login credentials such as passwords and PINs were held in the affected system. Frequent flyer accounts themselves weren't compromised.
The breach was detected on June 30, 2025, when Qantas security teams spotted unusual activity on the third-party platform. The airline says it quickly isolated the system to prevent further access.
The company insists its core IT systems remain safe and that there has been no impact on flight operations or passenger safety.
Qantas CEO apologizes and works with government
Qantas notified federal agencies and regulators in an attempt to show it's taking the breach seriously. It's working with government cybersecurity teams and private experts to understand what went wrong.
The breach was detected on June 30, 2025
Qantas Group CEO Vanessa Hudson apologized for the breach and the uncertainty it creates. She said the airline understands the trust customers place in it to protect personal information and is prioritizing direct communication and support.
The airline has set up a support line and published an info page with updates and identity protection resources for affected passengers. Travelers with upcoming bookings can check their flight details through the Qantas app or website.
Ongoing concerns with data leaks
The breach is the latest in a series of damaging attacks on Australian companies that have compromised personal data. It's likely to intensify pressure on businesses to strengthen cybersecurity and improve breach disclosure.
Regulators have been pushing for tougher reporting requirements. Public frustration grows over repeated data leaks.
Security specialists warn that even partial data breaches can be exploited. Names and contact details alone can fuel targeted phishing attacks or identity theft schemes.
Qantas says it will continue to through its website and social media channels as the investigation continues.
How to stay safe
First, experts recommend customers stay alert for suspicious emails, phone calls, or text messages asking for personal details. Avoid clicking links or downloading attachments from unknown sources.
Next, monitor your frequent flyer account and other services for signs of unusual activity. Finally, enable multi-factor authentication where possible and review security settings regularly.