Source: go.theregister.com – Author: Simon Sharwood
Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.
“On Monday [June 30], we detected unusual activity on a third party platform used by a Qantas airline contact centre,” states a company announcement. “We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure.”
The airline said the platform stored names, email addresses, phone numbers, birth dates and frequent flyer numbers for six million customers. Qantas did not use the system to store credit card details, personal financial information, or passport details.
Qantas suggests that attackers could not access all the six million exposed records, and analysis The Register offers as in a statement the airline wrote “We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.” However an FAQ about the incident states “For those customers whose information has been potentially compromised, you will receive further communication from us.”
Combined, those quotes suggest Qantas isn’t yet certain how many customer records are at risk.
- Airbus A380 flew for 300 hours with metre-long tool left inside engine
- Qantas app glitch sees boarding passes fly to other accounts
- Snakes on a Plane meets The Simpsons as airline creates ‘whacker’ to scare reptiles away from parked A380s
- Reg hack survives world’s longest commercial flight
The airline has assured customers its operations remain safe, and that it is working to get to the bottom of the matter with appropriate haste.
Qantas dominates Australia’s commercial aviation industry, and almost half the nation’s populace are members of its frequent flyer program. Myriad commercial partners such as banks, retailers, and energy companies also participate in the scheme. If the blast radius of this incident expands to any of those partners, this attack could join the ranks of Australia’s most notorious cyberattacks such as the 2022 attack on health insurer Medibank that saw ten million records leak and the nine-million-record leak at telco Optus.
Qantas has not identified the platform attacked in this incident. The airline is a known user of Salesforce and Genesys, vendors whose wares are often deployed in call centres. ®
Original Post URL: https://go.theregister.com/feed/www.theregister.com/2025/07/02/qantas_data_theft/
Category & Tags: –
Views: 4