Qantas has confirmed that there is no evidence that financial data was taken during a recent cyber attack on a system containing the personal details of almost six million customers.
On July 9, 2025, the airline released an update stating that it has “progressed its forensic analysis of the customer data in the system that was compromised” at one of its call centers on July 2, 2025.
Qantas said it is still actively looking into the attack, but reconfirmed that no credit card information, personal financial data, or passport information was stored in this system and therefore has not been accessed.
The airline added that there continues to be no impact on Qantas Frequent Flyer accounts. According to Qantas, passwords, PINs, and login details were not accessed or compromised. The data that was compromised is not enough to gain access to these accounts, it added.
“Our investigation has found that there were 5.7 million unique customers’ data held in the system. Specific data fields vary from customer to customer,” the air carrier said.
However, Qantas said analysis of customers’ personal data revealed that of 5.7 million unique records, around four million were compromised, containing names, email addresses, and Qantas Frequent Flyer details.
Out of these, 1.2 million records contained only names and emails, while 2.8 million also had Frequent Flyer numbers, with most including tier details and some with points of balance and status credits.
Of the remaining 1.7 million customers, records included 1.3 million addresses (residential, business, or hotel baggage delivery), 1.1 million dates of birth, 900,000 phone numbers, 400,000 gender entries, and 10,000 meal preferences.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” said Qantas Group Chief Executive Officer Vanessa Hudson.
Hudson added that since the incident, the airline has put in place a number of additional cyber security measures to further protect customers’ data. However, she did not detail what those measures were.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police,” Hudson added.
