Qantas Data Breach Exposes Personal Details of 5.7 Million Customers

Phone numbers, addresses, and dates of birth among leaked information in one of Australia’s largest cyber incidents.
A Qantas and a Virgin aeroplane at Sydney International Airport in Sydney, Australia, on April 3, 2025. David Gray/AFP via Getty Images

Qantas Airways has confirmed that personal information belonging to 5.7 million unique customers was compromised in a major cyberattack, making it one of the most significant data breaches in Australia in recent years.

The breach originated from a cyber incident at one of Qantas’s call centres last week.

A detailed forensic analysis of the compromised system revealed that the information accessed varied significantly from customer to customer.

Of the 5.7 million impacted customer records, around 4 million were limited to basic details such as name and email address.

Within this group, approximately 1.2 million had only their name and email exposed. A further 2.8 million records included Qantas Frequent Flyer numbers alongside the name and email, and in many cases also included membership tier information.

A smaller portion of this group also had data such as points balance and status credits exposed.

For the remaining 1.7 million customers, records contained a combination of the above along with more sensitive personal details.

This included 1.3 million addresses, covering both residential and business locations such as hotels provided for misplaced baggage.

Around 1.1 million records contained dates of birth, while 900,000 included phone numbers, which could be mobile, landline, or business contact details. In addition, 400,000 records included gender information, and 10,000 listed meal preferences.

Qantas clarified that these records are based on unique email addresses, meaning some customers may have multiple records if they used more than one email with the airline.

No Financial or Account Access Data Compromised

Qantas has confirmed that no credit card details, personal financial information, or passport data were stored in the affected system, so none of this information was accessed.

Login details, PINs, and passwords for Qantas Frequent Flyer accounts also remain secure. The company emphasised that the information accessed is not enough to allow unauthorised access to frequent flyer accounts.

“There continues to be no impact to Qantas Frequent Flyer accounts,” the company said in its statement.

With the help of cybersecurity experts, Qantas is closely monitoring for any signs of leaked or published data, though no such activity has been detected so far.

The airline has begun emailing affected customers directly with a breakdown of exactly which personal details were compromised in their individual records.

Agencies on Alert

Qantas Group CEO Vanessa Hudson said the company’s focus has been on transparency and swift communication with affected customers while working closely with authorities.

“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Hudson said.

The airline said it remains in regular contact with the National Cyber Security Coordinator, the Australian Cyber Security Centre, and the Australian Federal Police as investigations continue.

Qantas also thanked the federal government for its ongoing support in the response.

Naziya Alvi Rahman
Author
Naziya Alvi Rahman is a Canberra-based journalist who covers political issues in Australia. She can be reached at [email protected].