Qantas has started contacting customers whose data was exposed in last week’s call centre cyber incident, confirming personal details were compromised, but no sensitive financial or passport information was accessed.
Following a detailed forensic investigation, Qantas found around 5.7 million unique customer records were stored in the affected system.
Most included basic data such as names, emails and Qantas Frequent Flyer numbers, with a smaller group also showing membership tiers, points or status credits.
About 1.7 million records contained more detailed personal information like addresses (1.3 million), dates of birth (1.1 million), phone numbers (900,000) and gender (400,000).
A very small number (10,000) included meal preferences. Crucially, Qantas confirms that no credit card details, personal financial information, or passport details were stored in the affected system, meaning they remain uncompromised.
Furthermore, there is no impact to Qantas Frequent Flyer accounts, as passwords, PINs, and login details were not accessed. The compromised data is insufficient to gain access to these accounts.
Affected customers are being notified progressively and can call Qantas’ 24/7 support line (on 1800 971 541 or +61 2 8028 0534) for help, including identity protection guidance.
Qantas is urging all customers to stay alert for suspicious emails or calls and not to share login or personal information.
The airline recommends visiting Scamwatch, the Australian Cyber Security Centre and IDCARE for the latest safety tips and support.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Qantas Group CEO Vanessa Hudson said.
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”
In response to the breach, consumer advocacy group CHOICE has reiterated calls for a government-backed aviation ombuds scheme to support airline customers dealing with data breaches and service complaints.
“As consumer concerns about use of their data grow, and airline operations become more data-driven, a robust aviation ombuds scheme is more important than ever,” CHOICE Senior Campaigns and Policy Advisor Bea Sherwood said directly after the breach was reported.
