Australia's Qantas Airways suffers cyberattack affecting up to 6 million customers
Learn More
Australia's Qantas Airways was hit by a cyberattack that potentially compromised the personal information of up to 6 million customers. The attack targeted a third-party customer service platform used by one of Qantas' call centers, allowing cybercriminals to access customer databases containing personal information.
The cyberattack was discovered on June 30, 2025, when Qantas detected unusual activity on the third-party platform used by its airline contact center. The company took steps to contain the incident and secure its systems. The cause of the attack has not been officially attributed to any specific threat group, though cybersecurity experts have identified strong similarities to tactics employed by the Scattered Spider ransomware collective.
Quantas claims that all internal systems remain secure, but is warning that a "significant" amount of customer data is believed to have been stolen. Exposed data includes:
- Names
- Email addresses
- Phone numbers
- Birth dates
- Frequent flyer numbers
The number of affected individuals has not been specified but it could reach up to 6 million customers, as Qantas confirmed there are 6 million customer service records stored in the compromised third-party platform.
Update - as of 8th of July 2025, Qantas Airways provided a more detailed breakdowns of its cyberattack. It's affecting 5.7 million unique customer records, of which:
- 4 million exposed basic information (name, email, and Frequent Flyer details), of which 2.8 million had the Frequent Flyer number exposed and a smaller number (not disclosed) had Points Balance and Status Credit information compromised.
- the remaining 1.7 million exposed additional data including
- 1.3 million addresses,
- 1.1 million dates of birth,
- 900,000 phone numbers
The company continues investigating the proportion of data that was stolen, it expects the amount to be "significant."
Qantas CEO Vanessa Hudson issued a public apology to affected customers, acknowledging the uncertainty and concern the incident would cause. "We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,"
The company is working closely with Australian authorities including the National Cyber Security Coordinator, the Australian Cyber Security Centre, and independent cybersecurity specialists to investigate the incident thoroughly.
The airline has established a dedicated customer support line at 1800 971 541 (or +61 2 8028 0534 for international calls) to assist affected customers with questions about the breach and provide access to specialist identity protection advice and resources. Qantas is actively contacting customers to notify them of the incident, provide details about available support services, and offer guidance on protecting against potential identity theft and fraud attempts.
Key red flags of a scam communication include:
- Requests for sensitive information such as passwords, booking references, or Frequent Flyer login details. Qantas will never ask for these via email or phone.
- Messages that create a sense of urgency or use threatening language, such as claiming your account will be locked unless you provide information or click a link.
- Unsolicited emails or texts containing suspicious links or attachments. Do not click on links or download attachments from unknown sources.
- Requests for payment or personal financial information.
Users receiving such messages must verify their account status directly through the official Qantas website or app, not through links provided in emails or texts.
Update - As of 10th of October 2025, the personal data of 5.7 million Qantas customers has been released on the dark web by the hackers.
