Qantas has confirmed that 5.7 million of its customers have had personal data compromised in a major cybersecurity breach, with the company now contacting those affected and working with law enforcement following contact from a suspected cybercriminal.
The breach, first revealed last week, impacted nearly all of the 6 million users in the affected system. The airline has disclosed that the compromised data ranges from basic customer details to sensitive personal information, with varying levels of exposure.
According to Qantas, 4 million customers had their name, email address, and Frequent Flyer details accessed. Of those, 1.2 million had only their name and email exposed, while 2.8 million had Frequent Flyer numbers included. A smaller subset within this group also had their Points and Status Credit balances accessed — a sign that more targeted attempts may have been made by scammers.
The remaining 1.7 million affected customers had even more sensitive data exposed. Qantas has confirmed that within this group, 1.3 million addresses (home, business, or hotel) were accessed, as well as 1.1 million dates of birth, 900,000 phone numbers, and gender details of 400,000 customers. For around 10,000 people, even their meal preferences were included in the breach.
No stolen data has appeared on the dark web so far. However, Qantas has acknowledged that a suspected cybercriminal has contacted the company. While the details of the communication have not been disclosed, law enforcement — including the Australian Federal Police and the National Cyber Security Coordinator — are now handling the matter.
Qantas CEO Vanessa Hudson issued a statement reaffirming the airline’s commitment to transparency. “Our focus has been to identify exactly what data was compromised for each of the 5.7 million impacted customers and to share that with them directly,” she said.
Affected customers will be notified of the specific data exposed and provided with support and cybersecurity advice. In response to the breach, Qantas has implemented additional digital safeguards and is conducting a full review of the incident.
Customers are urged to remain vigilant for scam emails, text messages, or phone calls that appear to come from Qantas, especially those asking for login credentials or payment information.
This breach is among the most significant involving an Australian company in recent years and has raised new concerns about the adequacy of cybersecurity practices in large corporations entrusted with personal information.
