Australian flag carrier Qantas has confirmed a significant cybersecurity breach affecting a third-party customer service platform, exposing personal data belonging to about 6 million customers.
The airline revealed that the compromised system, operated by an external service provider, was targeted by cybercriminals who accessed customer names, email addresses, phone numbers, and dates of birth. However, Qantas emphasized that no payment information or passport numbers were stored on the affected platform.
The breach did not impact flight operations or aircraft safety, according to the company.
Qantas has launched a full-scale investigation to assess the scope of the data compromise and is working closely with Australia’s National Cyber Security Coordinator. While the full extent of the breach is still being determined, early assessments suggest a substantial volume of data was accessed.
In a public statement, Qantas CEO Vanessa Hudson issued an apology to affected customers, acknowledging the gravity of the situation and the importance of maintaining customer trust.
The airline is currently contacting impacted individuals and providing guidance on available support measures.
This incident follows a separate privacy issue in 2024 when a mobile app glitch briefly exposed some passengers’ travel information, raising renewed concerns over Qantas’ data protection protocols.
Cybersecurity experts have called for increased vigilance in the aviation sector, warning that data breaches of this scale underscore the growing risks associated with third-party platforms handling sensitive customer information.