Qantas Cyberattack Exposes Data of 6 Million Customers

Australian national airline Qantas has launched an investigation into a significant cyberattack that compromised the personal data of approximately 6 million customers.

The airline revealed that the breach occurred through a third-party platform, where “unusual activity” was detected on Monday. Qantas stated on Wednesday that it took “immediate steps” to secure its systems and prevent further access.

Extent of Data Compromised

While the full scope of the breach is still under investigation, Qantas confirmed that the stolen data includes names, email addresses, phone numbers, birth dates, and frequent flyer numbers. The airline emphasized that no credit card details, financial data, or passport information were exposed.

Qantas warned that the volume of compromised data is expected to be “significant.”

Official Response and Customer Support

Qantas Group CEO Vanessa Hudson issued a public apology, saying:

“Our customers trust us with their personal information and we take that responsibility seriously. We are contacting our customers today and our focus is on providing them with the necessary support.”

The airline has reported the incident to the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner. Additional security measures have also been implemented across the company’s digital infrastructure.

Broader Context and Past Challenges

The breach comes at a delicate time for Qantas, which has been working to restore public trust following a series of controversies during and after the COVID-19 pandemic. These included criticism for selling tickets on flights that were later cancelled, and lobbying against an expansion bid by Qatar Airways to offer more flights to Europe.

In 2023, former CEO Alan Joyce stepped down two months ahead of schedule, citing the need for the airline to focus on renewal and reputation rebuilding. Under Hudson’s leadership, Qantas has shown improvement, climbing 10 places to 14th in the 2025 Skytrax World Airline Awards, after hitting its lowest-ever ranking the previous year.

Global Cybersecurity Warning

The breach comes just days after the FBI issued a warning about an increase in cyberattacks targeting airlines. A hacking group known as Scattered Spider has reportedly expanded its activities, frequently using social engineering tactics — such as impersonating employees or contractors — to infiltrate systems, deploy ransomware, and steal data for extortion.

Authorities have not confirmed whether this specific group was responsible for the Qantas attack.