Photo Credit: Getty Images
Australian airline Qantas has launched an investigation into a "significant" cyberattack that compromised the personal data of six million customers. The breach occurred at a third-party customer contact center, where hackers accessed a system containing sensitive information such as customer names, email addresses, phone numbers, and birthdays, the company said Wednesday.
On 30 June, the Australian airline detected "unusual activity" on a platform used by its contact centre to store the data of six million people, including names, email addresses, phone numbers, birth dates and frequent flyer numbers.
Upon detection of the breach, Qantas took "immediate steps and contained the system", according to a statement.
"There are 6 million customers that have service records in this platform," the company said in a statement. "We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant."
Credit card details and passport numbers were not kept in the system, Qantas added.
"There is no impact to Qantas' operations or the safety of the airline."
Chief executive Vanessa Hudson said Qantas had notified Australia's National Cyber Security Coordinator.
"We sincerely apologise to our customers and we recognise the uncertainty this will cause," she said.
"Our customers trust us with their personal information and we take that responsibility seriously."
It has assured the public that passport details, credit card details and personal financial information were not held in the breached system, and no frequent flyer accounts, passwords or PIN numbers have been compromised.
Qantas has notified the Australian Federal Police of the breach.
A string of major cyberattacks has in recent years raised concerns about the protection of Australians' personal data.
Qantas apologised in 2024 after a glitch with its mobile app exposed some passengers' names and travel details. Major ports handling 40 percent of Australia's freight trade ground to a halt in 2023 after hackers infiltrated computers belonging to operator DP World.
The Qantas breach is the latest in a string of Australian data breaches this year, with AustralianSuper and Nine Media suffering significant leaks in the past few months.
