Industry News

Qantas Confirms Cyber Attack Impacted 5.7 Million Customers

July 9, 2025

Summary:

Qantas has confirmed that a cyber attack has compromised the personal data of approximately 5.7 million customers. CEO Vanessa Hudson stated there is currently no evidence that the stolen data has been released by the perpetrators. The airline has begun contacting affected individuals and providing further detail on the type of information breached.

No Confirmation on Ransom Demand

Qantas CEO Vanessa Hudson declined to confirm whether a ransom has been requested in the wake of the attack.
“We have received contact from someone claiming to be the perpetrator,” Ms Hudson told ABC’s The Business.
“As this is now part of an active criminal investigation being led by the Australian Federal Police, we won’t be commenting further.”

Security Measures Strengthened

Following the breach, Qantas says it has implemented enhanced security protocols to safeguard customer data.
“We’ve immediately strengthened controls and will continue to learn from this incident,” said Ms Hudson.
She added that Qantas is confident key systems remain secure, including frequent flyer account data, and that the airline is offering ID protection services to impacted customers.

Unlike previous breaches in other sectors, Ms Hudson confirmed that no credit card, passport, password, or PIN information was compromised in this incident.

No Evidence Data Has Been Leaked

Although some customers have reported receiving scam messages or suspicious login alerts, Qantas maintains that there is no indication the stolen data has been published online.
“Our monitoring shows no signs of the data being released at this stage,” said Ms Hudson. “However, we have teams monitoring this around the clock.”

She acknowledged the rise in scam activity but noted that such activity is common and not necessarily linked to this incident.
“Cyber threats are persistent, global, and target all companies,” she said.

What Data Was Breached?

Qantas said a forensic investigation is underway and has revealed the following:

  • 4 million customers had their names, email addresses, and frequent flyer numbers accessed.
  • 1.2 million of those records included only names and email addresses.
  • Of the remaining 2.8 million, some also included frequent flyer points and status credits.
  • An additional 1.7 million customers had further details exposed — including phone numbers, dates of birth, addresses, genders, and meal preferences.

The airline is now contacting each affected customer with a breakdown of what personal data was compromised and offering support.

Ongoing Customer Support & Safety Advice

Qantas is urging customers to remain cautious and stay alert to potential scams. The airline has reiterated that it will never request passwords or PINs from customers.

Customers are advised to:

  • Be wary of emails, texts, or calls claiming to be from Qantas.
  • Use two-factor authentication where possible.
  • Monitor for suspicious activity and report scams to Scamwatch.

Qantas has reaffirmed its commitment to transparency and customer support as investigations continue.