Qantas has confirmed a significant cybersecurity breach that may have exposed personal data of up to six million customers, following a cyberattack on one of its customer service platforms.
In a statement to shareholders this morning, the airline said the incident occurred on Monday after a cybercriminal gained access via a third-party call centre system. Qantas has since isolated the affected system.
Exposed information includes names, email addresses, phone numbers, birthdates, and frequent flyer numbers. No financial information, passwords, or credit card details were compromised, the company assured.
Qantas Group CEO Vanessa Hudson issued a public apology, saying:
“Our customers trust us with their data and we take that responsibility seriously. We are contacting customers and offering support.”
The company is working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre, and independent cybersecurity experts. The breach has also been reported to the Australian Federal Police and the Office of the Australian Information Commissioner.
Enhanced cybersecurity measures are now in place and a dedicated support line is being launched. Customers will be kept updated via Qantas’ website and social media.
