Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts

Australian airline Qantas revealed on Wednesday that a cyber hacker accessed a third-party customer service platform used by one of its call centres, compromising the personal data of approximately six million customers. The breach exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers, marking Australia’s most significant cyberattack in recent years.

Qantas has not disclosed the call centre’s location or the precise number of affected customers but confirmed the breach was discovered after detecting unusual activity. The airline is still investigating the full scope of the stolen data but expects it to be substantial. Importantly, Qantas stated that frequent flyer accounts, passwords, PINs, or login credentials were not accessed, and operations and safety were not impacted.

The incident occurs amid heightened cyber threats targeting airlines worldwide. The FBI recently reported that the hacker group Scattered Spider has targeted airlines such as Hawaiian Airlines and WestJet. While Qantas did not identify the attacker, cybersecurity experts warn that social engineering attacks on airline staff may be involved.

This breach brings unwelcome scrutiny to Qantas, which is recovering from a reputational crisis caused by controversies during the COVID-19 pandemic, including illegal staff layoffs and ticketing issues. Qantas CEO Vanessa Hudson acknowledged the seriousness of the breach and assured customers of the airline’s commitment to protecting personal information. Authorities including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.

Qantas shares fell 2.4% in afternoon trading, while the overall market rose.