Australian airline Qantas is currently investigating a "significant" cyber attack that has compromised a system containing sensitive data belonging to six million customers. The breach occurred within one of Qantas's customer contact centres, where hackers infiltrated a computer system managed by a third party. The stolen information includes customer names, email addresses, phone numbers, and birthdays. However, Qantas has confirmed that credit card details and passport numbers were not stored in the breached system, and there has been no impact on the airline's operations or safety.

Chief executive Vanessa Hudson has publicly apologized to customers for the uncertainty this incident will cause, emphasizing the airline's commitment to protecting personal information. Qantas has also notified Australia's National Cyber Security Coordinator regarding the breach. Cybersecurity experts have weighed in on the potential repercussions, with Christopher Bronk from the University of Adelaide stating that the stolen data could be exploited for identity theft and other computer-enabled fraud, as it holds value for resale among criminal networks.

This incident adds to a growing list of major cyberattacks that have raised significant concerns about the protection of personal data in Australia. Cybersecurity expert Rumpa Dasgupta from La Trobe University highlighted that these recurring attacks indicate many organizations are still neglecting cybersecurity, stressing the need for it to be treated with utmost importance. Previous notable cyber incidents in Australia include a Qantas mobile app glitch in 2024 that exposed passenger names and travel details, a 2023 attack on DP World that halted major ports handling 40 percent of Australia's freight trade, and 2022 breaches affecting one of Australia's largest private health insurers (Medibank), impacting over nine million customers, and telecom company Optus, affecting up to 9.8 million people.