This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Qantas

Summary

Qantas detected a cyber attack on 30 June 2025 affecting a third-party platform used by its Manila-based call centre. The breach, believed to involve social engineering tactics, compromised data belonging to 5.7 million unique customers, including names, email addresses, phone numbers, dates of birth, frequent flyer numbers, and addresses. The call centre primarily handles Qantas Business Rewards, Frequent Flyer program, and Qantas Club enquiries.

What Happened

On 30 June 2025, Qantas detected unusual activity on a third-party platform used by its call centre operations in Manila. Cybercriminals targeted the call centre and gained unauthorised access to the third-party platform, presumably through social engineering techniques. The compromised system contained customer service records related to the Qantas Business Rewards program, Qantas Frequent Flyer program, and Qantas Club. After removing duplicate records, the investigation determined that 5.7 million unique customers were affected.

Impact on Individuals

The breach affected 5.7 million unique Qantas customers. The stolen data varied by customer: 1.2 million records contained name and email address only; 2.8 million records contained name, email address, and Qantas Frequent Flyer number; and 1.3 million customers had address information exposed. Additionally, phone numbers and dates of birth were compromised for some customers. Qantas confirmed that passwords, PINs, login credentials, credit card details, personal financial information, and passport details were not held in the breached system and therefore were not compromised.

Organisational Response

Qantas established dedicated support lines for affected customers and commenced working with Australian cyber security authorities. The airline conducted a comprehensive investigation to determine the scope and nature of the compromised data. Qantas confirmed that sensitive authentication credentials and financial information were not stored in the affected system, limiting the potential for account compromise.

Verification Source: View original statement