Qantas data breach could affect 6 million customers

Qantas has suffered a cyber incident that has lead to a data breach.

“The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said that all of its systems remain secure and its operations haven’t been affected.

What is known about the cyber incident?

Qantas does not say which call center was affected, but the Australian Frequent Flyer reports it’s the one in Manila, which apparently handles most calls and emails related to Qantas Business Rewards, the Qantas Frequent Flyer program, and Qantas Club.

The company detected unusual activity on a third-party platform used by that contact center on Monday, June 30, 2025. They took action immediately and say they’ve contained the incident within the system.

“There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” the company said.

The system held the following data: customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

It did not hold credit card details, personal financial information, passport details, and Qantas says that frequent flyer accounts, passwords, PIN numbers or log in details were also not compromised.

“There is nothing to indicate that [Frequent Flyer] points were stolen in connection with this incident,” the company added.

The company is implementing additional security measures to further restrict access and strengthen system monitoring and detection, and has involved government agencies and independent cyber security experts in the investigation.

The FBI has recently warned that the Scattered Spider threat actors have lately begun targeting companies in the airline sector.

“Given this attack was executed via Qantas’s contact centre, it does bare all the hallmarks of Scattered Spider,” William Wright, CEO of Closed Door Security, told Help Net Security.

“This collective of criminals often target victims via third party service providers, using social engineering and trying to convince victims to initiate password resets. Once successful, they then gain access to systems, syphon data and send out a ransom demand.”

Advice for organizations and affected customers

Wright says all organizations must be on high alert for these attacks, and should strengthen their processes to validate the authenticity of password reset requests.

“Defending against these risks requires more than perimeter controls – it demands continuous workforce education, Zero Trust principles, phish-resistant multi-factor authentication and identity verification that can’t be socially engineered,” noted Jordan Avnaim, CISO at Entrust.

All Qantas customers will be receiving the initial notification about the breach, and those whose data has been compromised will get a follow-up notification in the coming days.

In the meantime, they should be on the lookout for phishing emails and other fraud attempts.

“These emails could be designed to look like genuine communications in relation to the incident but are actually aimed at tricking recipients into handing out their personal or financial information,” Wright added.

“Avoid clicking on links and attachments from unknown senders and always check the address where an email is coming from. But the best way to keep updated on information around the incident is to visit the Qantas website and monitor for official statements.”

UPDATE (July 9, 2025, 09:50 a.m. ET):

Qantas has confirmed that the attackers compromised data of some 5.7 million customers:

• 1.2 million – name and email address
• 2.8 million – name, email address, Qantas Frequent Flyer number (and for some point balances and status credits
• 1.7 million – Different combinations of the aforementioned data points + real-world addresses (residential, business, hotel) + date of birth + phone number + gender + meal preferences

“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services,” Qantas Group Chief Executive Officer Vanessa Hudson said.

“Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes,” the company stated.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!