Qantas confirms significant data breach affecting millions of customers
- A cybercriminal targeted a third-party customer service platform used by Qantas.
- Sensitive personal information of approximately six million Qantas customers was exposed during the breach.
- The incident highlights the importance of cybersecurity for companies relying on third-party services.
On June 30, 2025, Australian airline Qantas experienced a notable cyberattack that exploited a vulnerable third-party customer service platform. This malicious intrusion allowed cybercriminals to access sensitive personal data belonging to approximately six million customers. The compromised information comprised names, email addresses, phone numbers, birth dates, and frequent flyer numbers, significantly impacting the affected individuals' privacy and security. Qantas quickly detected unusual activity on the platform and acted immediately to contain the breach, ensuring that all core Qantas systems remained secure and unaffected. The company emphasized that no credit card details, personal financial information, or passport information were stored on the breached system, which provides some relief amidst the troubling event. Following their detection of the breach, Qantas took thorough measures to strengthen security protocols and restore customer confidence. Additionally, the airline communicated openly with its customers, apologizing and acknowledging the serious implications this incident posed for their trust. Vanessa Hudson, the Qantas Group CEO, reaffirmed the company's commitment to protecting customer data, stating the importance of cybersecurity in the airline industry as threats from cybercriminals continue to persist. The Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police were notified regarding this incident, illustrating Qantas's proactive approach to compliance and cooperation with authorities. As a result of this event, customers were advised that there was no need for concern regarding upcoming travel, and they could still access flight details via Qantas's app or website. However, this incident serves as a stark reminder of the increasing vulnerabilities faced by companies reliant on third-party platforms, underscoring the necessity for robust cybersecurity measures and monitoring across the industry to protect sensitive customer information.