Qantas has provided an update to Monday’s cyber incident that occurred in one of its contact centres, resulting in the exposure of customer records. From next week the airline will be updating customers directly after a cyber criminal gained access to a third-party customer servicing platform.
“Our investigation is progressing well with our cybersecurity teams working alongside leading external specialists to determine what information has been accessed,” said Qantas Group CEO Vanessa Hudson.
“We’re finalising a process that will enable us to provide affected customers with more information about their personal information that was potentially compromised. We are treating this incredibly seriously and have implemented additional security measures to further strengthen our systems. Our customers can be assured that we have the right expertise and resources dedicated to resolving this matter thoroughly and effectively.”
The company is aware of reports of scammers impersonating Qantas. Do not engage with anyone claiming to be from Qantas. Report the email or message or hang up and call Qantas directly. This is a dangerous period and it requires vigilance on the part of affected customers.
“I want to apologise again for the uncertainty this has caused,” Hudson added. “We’re committed to keeping our affected customers informed with regular updates as our investigation progresses. We will be in a position to update impacted customers on the types of their personal data that was contained in the system. This will confirm specific data fields for each individual, which will vary from customer to customer.”
BACKGROUND
- On Monday 30 June 2025, Qantas detected unusual activity on a third-party platform used by a Qantas airline contact centre.
- The airlines took immediate steps and contained the incident. All Qantas systems remain secure.
- The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform.
WHAT WE KNOW
The investigation to date has reaffirmed:
- There has been no further threat activity in the system
- The system remains secure
- No credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed
- There is no impact to Qantas Frequent Flyer accounts
Qantas has not been contacted by anyone claiming to have the data, and we’re continuing to work with the Government authorities to investigate the incident. It’s widely believed the hacking group Scattered Spider is responsible after the FBI warned last week the group was active.
INFORMATION EXPOSED
- Names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent Flyer numbers
Credit card details, personal financial information and passport details were not held the exposed system. No Frequent Flyer accounts were compromised, nor have passwords, PINs , or log in details been accessed.
HOW QANTAS IS KEEPING US INFORMED
- All Qantas Frequent Flyer members received an initial email communication from Qantas on Wednesday 2 July, to advise them of the occurrence of an incident.
- All impacted customers aged 15 and above (with an email Qantas holds) were notified of the impact in a second email.
- Next week Qantas will update impacted customers on the types of their personal data that was contained in the system. This will confirm specific data fields for each individual, which will vary from customer to customer.
ACTION
- Qantas has increased resourcing in our contact centres and have a dedicated support line to support our customers.
- Qantas is working with government agencies and independent specialised cyber security experts.
- Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.
SUPPORT
- Dedicated Support Line: 1800 971 541 or +61 2 8028 0534
- Available: 24/7
