DALLAS — Qantas (QF), Australia's largest airline, is investigating a major cyberattack that resulted in the leak of sensitive personal data belonging to approximately six million customers.
The breach occurred when hackers accessed a system managed by a third-party partner that provides customer service support for QF. The data breach includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
Key Details of the Cyberattack
- No credit card, financial, or passport data was compromised, as these types of data were not stored on the affected platform.
- The breach was detected after Qantas observed "unusual activity" on the third-party platform on Monday, June 30, 2025.
- Qantas immediately secured its systems and implemented new security protocols. The airlines also notified relevant authorities, including the Australian Cyber Security Centre, the Australian Federal Police, and the Office of the Australian Information Commissioner.
- CEO Vanessa Hudson issued a public apology, stressing the QF's commitment to supporting affected customers and the seriousness with which it treats the protection of personal information.
- Operations or safety protocols were not affected.
- The breach is part of a recent trend of cyberattacks targeting airlines; other carriers, such as Hawaiian Airlines and WestJet, have also been recently affected. Some attacks come from the hacking group known as Scattered Spider; however, it remains too early to confirm whether this group was involved in the QF incident.
Qantas is currently assessing the full extent of the breach and is actively contacting affected customers to provide support.