Cyber Incident Victim: Qantas
Date:
Jun 2025
Location:
Australia
Summary
Qantas detected activity on a platform used by a contact centre and contained the breach after finding access to customer names, email addresses, phone numbers, dates of birth and frequent flyer numbers. The airline said credit card details, financial information, passport data, passwords, PINs and login credentials were not exposed and that no frequent flyer accounts were compromised. It is working with the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police while offering a support line and identity‑protection resources to affected customers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Monday 30 June 2025, Qantas detected unusual activity on a third‑party platform used by one of its airline contact centres and immediately initiated containment measures. The company confirmed that a cyber criminal had targeted the call centre and gained access to that third‑party customer servicing platform. An initial review of the compromised data showed that it included some customers’ names, email addresses, phone numbers, dates of birth and Frequent Flyer numbers. Qantas stated that it is continuing to investigate the proportion of the data that has been stolen and expects the breach to be significant.
The airline emphasized that credit card details, personal financial information and passport details are not stored in the affected system, and that no Frequent Flyer accounts were compromised nor were passwords, PIN numbers or login details accessed. Qantas also confirmed that there is no impact to its flight operations or the safety of its airline services as a result of the incident. Customers with upcoming travel were told that no action is required and that they can continue to check flight details via the Qantas App or website. The company noted that there is currently no indication that Frequent Flyer points were stolen in connection with the breach.
Qantas is working with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts, and has notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police due to the criminal nature of the incident. The airline has established a dedicated customer support line at 1800 971 541 or +61 2 8028 0534, available 24/7, through which affected customers can receive specialist identity protection advice and resources. Additional security measures are being implemented to further restrict access and strengthen system monitoring and detection, and Qantas will continue to share updates on its information page as the investigation progresses. The airline reiterated that it will never contact customers requesting passwords or other sensitive information via email, text or phone calls.