Qantas planes sit at Sydney Airport's domestic terminal on July 2, 2025.
Qantas Airways has revealed a major cybersecurity breach that compromised the personal information of around six million customers. The breach, confirmed on Monday, targeted a third-party customer service platform linked to the airline’s contact center.
The airline disclosed the breach in a statement on Wednesday, noting that the stolen information may be “significant” in volume.
Third-Party Platform Becomes Gateway to Data Breach
The breach did not directly hit Qantas’ core systems. Instead, hackers accessed a third-party service platform that stored customer data. This platform held service records for approximately six million Qantas customers.
The exposed information includes:
- Names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent flyer membership numbers
Fortunately, the airline confirmed that no credit card details, bank information, or passport numbers were stored on the affected platform.
Immediate Action Taken by Qantas Cybersecurity Team
Qantas reported that it detected “unusual activity” on the platform and acted swiftly to contain the system. The airline stated that its systems are now secure and that no operations or safety procedures were affected by the cyberattack.
Despite this, the total extent of the breach remains unknown.
Qantas has warned that the amount of stolen data could be significant, raising concerns about potential misuse of sensitive customer details.
Support for Affected Customers Underway
Qantas CEO Vanessa Hudson issued a public apology to customers. She acknowledged the anxiety this breach could cause and emphasized the airline’s commitment to protecting customer information.
“Our customers trust us with their personal data, and we take that responsibility seriously,” Hudson said.
The airline has already begun reaching out to affected individuals and is working closely with cybersecurity experts and authorities, including:
- The Australian Cyber Security Centre
- The Australian Federal Police
- Independent cybersecurity investigators
The company is offering support and guidance to help customers navigate the potential consequences of this breach.
Qantas Share Price Tumbles
Following the news, Qantas’ share price dropped 3.5% in morning trading. This comes in contrast to a 0.4% rise in the broader market, indicating investor concern over the reputational and operational impact of the incident.
Australia Faces Growing Wave of Cyberattacks
The Qantas cyber hack is just the latest in a string of high-profile cybersecurity incidents in Australia.
In recent years:
2019: Hackers targeted both ruling and opposition political parties ahead of the national elections.
2021: A cyberattack on Nine News disrupted live broadcasts, becoming one of the biggest attacks on Australian media.
2022: Russian hackers struck Medibank, leaking health data from 9.7 million customers onto the dark web.
That attack led to Australia naming and sanctioning a Russian national suspected of being part of REvil, a notorious ransomware group. The same group has been linked to major attacks across the globe, though many of its members were detained by Russian authorities in 2022.
Cybersecurity in Aviation Under Spotlight
This recent Qantas cyber hack has put the spotlight back on cybersecurity risks in the aviation industry. As airlines increasingly rely on digital infrastructure and third-party vendors, vulnerabilities become more widespread.
Cyber experts urge companies to:
- Review third-party data security practices
- Conduct regular audits
- Ensure real-time monitoring of all platforms connected to sensitive customer information
Final Thoughts
The Qantas cyberattack serves as a stark reminder that no organization is immune from growing cyber threats. With millions of customers now potentially exposed, the airline faces the challenge of regaining public trust while strengthening its digital defenses.
