Qantas has confirmed a cyber incident at one of its contact centres, which may have exposed personal data for around 6 million customers. The airline’s core systems and flight operations remain unaffected.
On July 2, 2025, Qantas detected unusual activity on a third-party platform used by a customer contact center.
The airline says it acted immediately to contain the issue and confirmed that its own systems — such as booking, loyalty, and operational platforms — were not impacted.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.”
Qantas Group CEO Vanessa Hudson
What Data May Have Been Stolen
The affected system holds service records for approximately 6 million customers.
Data potentially accessed includes:
- Names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent flyer numbers
Qantas confirmed that no financial information, passwords, passport numbers, PINs, or login credentials were stored in that system.
How Qantas Responded
In response to the breach, Qantas:
- Secured and isolated the third-party system
- Introduced extra cybersecurity measures
- Alerted the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police
- Launched a dedicated support hotline and information page on its website
- Began notifying affected customers directly
Qantas Group CEO Vanessa Hudson apologized for the incident and reaffirmed the company’s commitment to transparency and customer safety.
What Customers Should Know
International: +61 2 8028 0534
✅ Flights and bookings are unaffected — no need to worry about your upcoming trips
📲 Stay alert — watch for official messages from Qantas (not third-party senders)
📞 Need help? Call the dedicated support line:
Australia: 1800 971 541
Why This Matters
Even though no sensitive financial data was accessed, personal details like emails and birthdates can still be used in scams or phishing attempts.
This incident highlights the risks of third-party data storage and the growing need for cybersecurity vigilance, even from well-established brands.
