Qantas has suffered a major cyber-attack, potentially exposing the records of up to 6 million customers.
The airline said on Wednesday that the affected system had now been contained and its systems were secured. The system in question was a third-party platform used by the airline’s contact centre, which contains the records of 6 million customers.
The data includes customer names, email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details.
Frequent flyer accounts were not compromised, neither were passwords, Pins or login details.
Qantas took “immediate steps” to secure its systems after detecting “unusual activity” on a third-party platform on Monday, the airline said on Wednesday.
Qantas Group Chief Executive Officer Vanessa Hudson offered an apology to customers over the breach.
“Our customers trust us with their personal information and we take that responsibility seriously,” Hudson said.
“We are contacting our customers today and our focus is on providing them with the necessary support.”
The data breach comes as Qantas is working to rebuild its reputation following a series of controversies during the COVID-19 pandemic, including revelations that it sold tickets for thousands of cancelled flights and lobbied against a bid by Qatar Airways to operate more flights to Europe.
Qantas earned its lowest-ever spot in last year’s World Airline Awards by Skytrax, falling from 17th to 24th place, before climbing 10 spots in the 2025 ranking