
Qantas details impact of data breach on 5.7 million customers
Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised
Qantas has started updating 5.7 million customers whose personal data was compromised during a cyber incident at one of its call centres based in Manila in the Philippines last week. Following a forensic analysis, the airline has specified the types of data involved in the breach.
The investigation confirmed that no credit card details, personal financial information or passport details were stored on the compromised system and, therefore, were not accessed. Similarly, Qantas frequent flyer accounts are not directly affected, with no passwords, PINs or login details being exposed. The airline said that the compromised data is insufficient to gain access to these accounts.
However, the analysis revealed that for about four million customers, the breach was limited to names, email addresses and Qantas frequent flyer details. Within this group, 1.2 million records contained a name and email address, while 2.8 million included a name, email address and frequent flyer number, with many also including the member’s tier status. A smaller subset of these records also had points balances and status credits included.
For the remaining 1.7 million customers, the compromised records included a combination of the data fields mentioned above, as well as more sensitive information. This included address, date of birth, phone numbers, gender and meal preferences.
Qantas said there is currently no evidence that any of the stolen personal data has been released, but it continues to actively monitor the situation with the support of cyber security experts.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” said Qantas group CEO Vanessa Hudson. “From today, we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
Hudson also said additional cyber security measures have been implemented since the incident and that the airline remains in constant contact with the National Cyber Security Coordinator, the Australian Cyber Security Centre and the Australian Federal Police.
In an interview with Australian broadcaster ABC, Hudson said Qantas has been contacted by “somebody purporting to be the criminal actor” responsible for the breach. The incident has been tentatively linked to an ongoing campaign of cyber attacks orchestrated by Scattered Spider, a hacking collective known for using impersonation, social engineering and rogue device enrolment to bypass multi-factor authentication.
The airline is urging customers to be vigilant for potential scams, particularly those using email, text messages or phone calls that purport to be from Qantas. Customers are advised to independently verify the identity of any caller and are reminded that Qantas will never request passwords or sensitive login information.
A dedicated 24/7 support line has been established to assist customers with specialist identity protection advice. Customers can call 1800 971 541 or +61 2 8028 0534 for support.