Qantas has confirmed that cyber criminals have released customer data stolen during the airline’s early July cyber incident, prompting new concerns for travellers and travel agents alike. The breach, which affected 5.7 million customer records, was traced to a third-party platform used by Qantas and is now under investigation with the help of specialist cybersecurity experts.
While no credit card, passport, or login credentials were compromised, some personal data, including names, contact details, and frequent flyer information, has been exposed. The airline is continuing to work with the Australian Cyber Security Centre and the Australian Federal Police to contain the situation.
What happened
The incident first came to light in July when Qantas identified unauthorised access to a third-party system containing customer data. Following the breach, the airline proactively contacted all affected customers, outlining the specific types of data involved.
Since then, Qantas has obtained a NSW Supreme Court injunction to prevent the use, publication, or sharing of the stolen information. Despite this, cyber criminals have now released a portion of the stolen data online, prompting renewed scrutiny across the aviation industry.
Qantas says it has implemented additional security controls, enhanced team training, and strengthened monitoring systems in response. The airline continues to share updates via its website and 24/7 support line, where customers can also access identity protection services.
What agents can tell clients
For travel agents, the key message is reassurance. While client data may have been exposed, there is no evidence that financial information, passwords, or passport details have been accessed or misused. Qantas has confirmed that Frequent Flyer accounts remain secure and that the exposed data is insufficient to allow unauthorised access to these accounts.
Agents can advise clients to remain vigilant for suspicious emails or messages, particularly those claiming to be from Qantas or other airlines. Encourage customers to avoid clicking on unfamiliar links and to verify communications through official Qantas channels or their agent directly.
Clients with concerns can access assistance through Qantas’ dedicated support line on 1800 971 541 (or +61 2 8028 0534) for identity protection advice.
How this compares globally
Qantas is the latest in a string of major travel brands targeted by cyber attacks in recent years. British Airways, Air India, Cathay Pacific, and Marriott International have all reported similar incidents, each involving the exposure of customer data stored on third-party systems.
For agents, the recurring theme is clear: the travel industry remains a prime target for cybercriminals due to the high volume of personal and financial information collected across booking platforms, loyalty programs, and partner systems.
What this means for the travel trade
Cybersecurity is increasingly a customer-service issue as much as a technical one. Agents play a vital role in reinforcing client confidence and providing accurate, timely information. This incident is an opportunity to demonstrate professionalism by offering clear advice and highlighting the ongoing cooperation between Qantas and government authorities.
In the broader sense, agents may also wish to review their own data management practices—particularly when handling client passports, payment details, or loyalty program information. Simple steps such as stronger passwords, secure file sharing, and timely client communication can go a long way in maintaining trust.
What Qantas is doing next
Qantas has reiterated its commitment to transparency and ongoing updates as the investigation continues. The airline confirmed that while most of the stolen records were limited to basic personal information, a smaller number included additional details such as date of birth, address, phone number, gender, and meal preferences.
The airline emphasised that impacted customers were notified months ago and that no new categories of data have been identified in the recent leak. Qantas’ primary focus remains preventing the unauthorised use or distribution of stolen information.
Agents can stay informed by checking Qantas.com for official updates and by directing clients to do the same.
The takeaway for agents
The Qantas data breach highlights a growing need for digital literacy within the travel trade. While technology has streamlined bookings, payments, and communication, it has also expanded the risk landscape. Agents who can explain these risks clearly, and guide clients through them, will continue to build trust in an increasingly connected travel ecosystem.
KARRYON UNPACKS: Cyber incidents are becoming an unavoidable part of the global travel landscape. For agents, staying informed and communicating clearly with clients is the best defence.
