Qantas suffers major data breach, 5.7 million customers affected

Australian airlines Qantas said the data security incident it suffered recently compromised the sensitive personal data of 5.7 million passengers.

 

On July 2, Qantas said that it detected a data security incident affecting a third-party platform used by one of its airline contact centres, but added that the incident did not affect its internal network or impact its daily operations.

 

In an update on July 9, Qantas said it has identified 5.7 million individuals impacted by the incident.

 

A total of 4 million customer records were involved, containing names, email addresses, and Qantas Frequent Flyer details. Of these, 1.2 million records included only names and email addresses, while 2.8 million contained names, email addresses, and Frequent Flyer numbers, with most also including tier information and a smaller subset containing points balance and status credits. 

 

The remaining 1.7 million records had a mix of these details along with additional information, such as addresses (1.3 million), dates of birth (1.1 million), phone numbers (900,000), gender (400,000), and meal preferences (10,000).

 

Qantas added that no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.

 

The airline company has begun notifying affected customers about the nature of their compromised data and is providing advice and support.

 

In a statement Shared with the media, Qantas Group Chief Executive Officer Vanessa Hudson said, “Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible.

 

“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services

 

“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened

 

“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support,” Hudson added.