Qantas Airlines Hit by Cyberattack, Customer Data Compromised

Australia’s flagship carrier, Qantas Airways, has disclosed a significant cybersecurity breach affecting up to 6 million customers, with cybercriminals gaining unauthorized access to a third-party customer service platform used by the airline’s contact centre operations.

The incident, detected on Monday and contained shortly thereafter, represents one of the most significant data breaches in Australian aviation history, prompting immediate notification to federal cybersecurity agencies and law enforcement.

Key Takeaways
1. 6 million customers affected by cyberattack on Qantas third-party customer service platform.
2. Personal data stolen includes names, emails, phone numbers, birth dates, and frequent flyer numbers (no financial data).
3. System contained, authorities notified (cyber security agencies, police), additional security measures implemented.
4. Dedicated support hotline established (1800 971 541), flight operations unaffected.

The cyberattack targeted a third-party customer servicing platform utilized by Qantas contact centres, with cybercriminals successfully infiltrating the system and accessing sensitive customer information. 

Extensive Customer Database Compromised 

According to the airline’s initial assessment, the compromised database contains service records for approximately 6 million customers, with the company anticipating that the attackers may have exfiltrated a significant proportion of this data.

The breached dataset includes critical personal information such as customer names, email addresses, telephone numbers, birth dates, and Qantas frequent flyer membership numbers. 

However, the airline emphasized that the compromised system did not contain credit card details, personal financial information, or passport data, providing some relief to affected customers. 

Additionally, no frequent flyer account credentials, passwords, PIN numbers, or login authentication details were accessible through the targeted platform, maintaining the integrity of customer account security protocols.

Qantas has implemented comprehensive incident response procedures, which immediately contained the affected system and deployed additional security measures to restrict access and enhance monitoring capabilities. 

The airline has formally notified the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police (AFP), acknowledging the criminal nature of the incident and committing to full cooperation with ongoing investigations.

The airline has established a dedicated customer support hotline at 1800 971 541 (domestic) and +61 2 8028 0534 (international), providing affected customers with specialized identity protection resources and expert consultation services.

Qantas has assured customers that flight operations remain unaffected, with all booking systems and travel services functioning normally. 

The company is working closely with the National Cyber Security Coordinator and independent cybersecurity specialists to conduct a thorough forensic analysis of the breach.

As the investigation continues, Qantas faces potential regulatory scrutiny under Australia’s Privacy Act, with the OAIC empowered to impose significant penalties for data protection failures affecting large customer populations.

Exclusive Webinar Alert: Harnessing Intel® Processor Innovations for Advanced API Security – Register for Free