Date: 02 July 2025
Qantas Airways has confirmed a significant cyber incident affecting one of its contact centres, resulting in the compromise of customer data stored on a third-party customer servicing platform. The breach potentially impacts service records of up to six million customers. The affected system has been contained, and there is no impact on flight operations or airline safety.
Overview
A cybercriminal accessed a third-party platform used by a Qantas contact centre, compromising customer data including names, email addresses, phone numbers, birth dates, and frequent flyer numbers. No financial information, passport details, or login credentials were accessed
Incident Type
Data breach via third-party platform compromise
Systems Impacted
Third-party contact centre platform only; all core Qantas systems remain secure
Mitigation and Current Status
- The breach is under active investigation by Qantas and external cyber security experts.
- The Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.
- Qantas has established a dedicated support line and information page for affected customers
- Customers are advised to be cautious of potential phishing attempts and to monitor their accounts for suspicious activity.
Reference
Need Help?
If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.
