Australian airline Qantas recently disclosed a significant cyberattack that targeted one of its customer contact centers. The incident involved a breach of a computer system managed by a third-party vendor, which contained sensitive personal data belonging to approximately 6 million Qantas customers. This compromised information included customer names, email addresses, phone numbers, and birthdays. Qantas emphasized that critical financial details, such as credit card information and passport numbers, were not stored within the breached system and were therefore not exposed.

According to Qantas, the cybercriminal specifically targeted a call center to gain unauthorized access to the third-party customer servicing platform. Despite the severity of the data breach, the airline confirmed that there was no impact on Qantas' operational activities or the safety of its flight services. The company has since launched a comprehensive investigation into the cyberattack to determine the full extent of the data stolen, anticipating that the proportion of compromised data will be significant.

In response to the incident, Qantas is actively contacting affected customers to inform them about the breach and provide details regarding available support. Qantas CEO Vanessa Hudson issued a sincere apology to customers, acknowledging the uncertainty and concern the breach would cause. She reiterated the airline's commitment to protecting personal information, stating that they take this responsibility very seriously. Hudson also confirmed that Qantas had reported the incident to Australia's National Cyber Security Coordinator, underscoring the seriousness with which the airline is addressing the breach.

This is not the first instance of data security challenges for Qantas in recent years. The airline had previously apologized in 2024 following a glitch in its mobile application, which inadvertently exposed the names and travel details of some passengers. These repeated incidents highlight ongoing concerns regarding data protection within the airline's systems and those of its third-party providers.