Qantas has reported a significant data breach that has potentially affected up to six million customer profiles due to a cyber attack on a third-party customer service platform. The Australian airline detected "unusual activity" on June 30, leading to the discovery that sensitive information such as names, email addresses, phone numbers, birth dates, and frequent flyer numbers was exposed.
Following the breach, Qantas stated it took immediate action to contain the incident and is currently assessing the full impact. While the company indicates that the amount of compromised data is expected to be "significant," it has assured customers that more sensitive information—including passport details, credit card numbers, and personal financial data—was not included in the breached system, nor have frequent flyer accounts, passwords, or PIN numbers been compromised.
To ensure transparency, Qantas has notified the Australian Federal Police, the Australian Cyber Security Centre, and the Office of the Australian Information Commissioner (OAIC) regarding the incident. Qantas Group CEO Vanessa Hudson expressed her regret over the situation, emphasizing that the airline’s operations and safety have not been impacted and urging concerned customers to reach out through a dedicated support line.
This breach marks yet another incident in a concerning pattern of data security failures in Australia, with several other organizations, including AustralianSuper and Nine Media, grappling with data leaks this year. A report from the OAIC highlighted that 2024 was the worst year for data breaches in Australia since it started tracking such incidents in 2018.
Australian Privacy Commissioner Carly Kind has called upon both businesses and governmental bodies to fortify their security measures, cautioning that the threat of cyber attacks from malicious actors remains high, necessitating robust data protection strategies across all sectors.
