Qantas Airways has announced that it is investigating a major cyberattack that may have compromised the personal data of up to six million customers. Hackers breached a third-party customer service platform, gaining access to names, email addresses, phone numbers, and birth dates. Qantas confirmed that credit card details and passport numbers were not stored on the platform; however, the data exposure is considered ‘significant’. Flight operations and safety remain unaffected.
We sincerely apologise to customers impacted by a recent cyber incident that occurred in one of our contact centres. The system is now contained.
We’re currently contacting customers to make them aware of the incident, apologise and provide details on support available to them.…
— Qantas (@Qantas) July 2, 2025
Chief Executive Vanessa Hudson apologised, stating, “We sincerely regret the uncertainty this causes our customers. We take their trust in us seriously.” The airline has notified Australia’s National Cyber Security Coordinator and is assessing the full scope of the breach.
Dr. Christopher Bronk, cybersecurity expert from the University of Adelaide, reportedly warned that the stolen data could fuel identity theft and online fraud, as cybercriminals may resell it to access victims’ accounts.
The breach adds to Australia’s growing cyberattack wave, following a 2024 Qantas app glitch that exposed passenger details, a 2023 DP World port disruption affecting 40% of freight trade, and 2022 attacks on Medibank (resulting in the exposure of 9 million records) and Optus (affecting 9.8 million customers). In 2025, AustralianSuper and Nine Media also faced leaks. The Office of the Australian Information Commissioner reported 2024 as the worst year for data breaches, with Privacy Commissioner Carly Kind urging stronger protections, noting, ‘No sector is immune’.
