Last week, Qantas confirmed a significant data breach affecting nearly 6 million customers, with most having their personal information compromised. According to reports, around 5.7 million unique customer records were impacted, with 4 million containing basic details such as names, email addresses, and frequent flyer numbers. Specifically, 1.2 million records held only names and emails, while 2.8 million included frequent flyer numbers, occasionally with their status tiers.
For some individuals in this latter group, further sensitive information such as Points Balance and Status Credit balances may have been accessed, indicating a targeted attack. In addition, the breach has also affected 1.7 million customers with a mix of other details; notably, 1.3 million addresses—either home, business, or hotel addresses used for baggage re-delivery—leaked as well. Other compromised information includes dates of birth (1.1 million), phone numbers (900,000), and even meal preferences for 10,000 customers.
Qantas CEO Vanessa Hudson addressed the incident, stating that the company is working diligently to notify impacted customers about the specific data that was compromised and to provide necessary support services. Since the breach, Qantas has implemented enhanced cybersecurity measures and is collaborating with authorities, including the National Cyber Security Coordinator and the Australian Federal Police, to investigate and mitigate the effects of the breach.
As of now, none of the stolen information has been found online or on the Dark Web, although Qantas has received inquiries from potential cybercriminals. Experts believe these individuals may attempt to extort the airline for ransom or leak data to validate their claims. Customers are advised to remain vigilant and be on guard against potential scams, such as phishing attempts via calls, texts, or emails that may falsely appear to be from Qantas. The airline continues its commitment to protecting customer data while navigating this challenging situation.