Qantas confirms data breach exposing personal details of 6 million people

Australian airlines Qantas said that a data breach at one of its service providers has compromised the personal information of over 6 million individuals.

 

On July 2, in a data security incident notice published on its website, Qantas said that on June 30, it detected unusual activity on a third-party platform used by one of its airline contact centres. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. 

 

“On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre.  We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure. There is no impact to Qantas’ operations or the safety of the airline,” the airlines said.

 

“There are 6 million customers that have service records on this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

 

“Importantly, credit card details, personal financial information and passport details are not held in this system. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed,” Qantas added.

 

Qantas has informed the Australian Cyber Security Centre and the Office of the Australian Information Commissioner about the incident. Due to the criminal nature of the breach, the Australian Federal Police have also been alerted. The airline will continue to cooperate with these agencies as the investigation unfolds.

 

In a statement Shared with the media, Qantas Group Chief Executive Officer Vanessa Hudson said, “We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.

 

“We are contacting our customers today and our focus is on providing them with the necessary support.

 

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts,” Hudson added.