Australia’s flagship carrier says it believes a ‘significant’ amount of personal data was stolen in a cyberattack.
Qantas is investigating a major cyberattack after hackers accessed a system holding personal data belonging to 6 million customers, Australia’s flagship airline has said.
Qantas took “immediate steps” to secure its systems after detecting “unusual activity” on a third-party platform on Monday, the airline said on Wednesday.
The airline is investigating the amount of data that was stolen, but it expects that it will be “significant”, Qantas said in a statement.
The affected data includes customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers, but not credit card details, personal financial information or passport details, according to the airline.
Qantas said it had put additional security measures in place, and notified the police, the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
Qantas Group Chief Executive Officer Vanessa Hudson offered an apology to customers over the breach.
“Our customers trust us with their personal information and we take that responsibility seriously,” Hudson said.
“We are contacting our customers today and our focus is on providing them with the necessary support.”
The data breach comes as Qantas is working to rebuild its reputation following a series of controversies during the COVID-19 pandemic, including revelations that it sold tickets for thousands of cancelled flights and lobbied against a bid by Qatar Airways to operate more flights to Europe.
Qantas earned its lowest-ever spot in last year’s World Airline Awards by Skytrax, falling from 17th to 24th place, before climbing 10 spots in the 2025 ranking.
Advertisement
Hudson’s predecessor, Alan Joyce, stepped down two months ahead of his scheduled retirement in 2023, while acknowledging the need for the airline “to move ahead with its renewal as a priority”.
Last week, the FBI in the United States said that a cybercriminal group known as Scattered Spider had expanded its targets to include airlines.
The FBI said the hacking group often impersonates employees or contractors to deploy ransomware and steal sensitive data for extortion purposes.
