Qantas has begun contacting the 5.7 million customers whose data was accessed in last week’s data breach, with specific information about which of their personal information was stolen by a cyber criminal.
The airline first identified that a cyber breach had occurred at one of its contact centres in the Philippines on Monday, 30 June 2025. It then informed the public of the incident on Wednesday, 2 July.
Qantas initially said that around six million customers were impacted. After removing duplicate records, the airline now says the number is around 5.7 million. That is likely to be a majority of active Qantas Frequent Flyer members.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened,” Qantas CEO Vanessa Hudson said.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”
Qantas has also revealed that it was contacted by a potential cyber criminal earlier this week. But at this stage, Qantas does not believe that any of the stolen data is in the public domain.
Qantas contacting affected customers
After investigating further, Qantas this morning began emailing the affected customers to inform them about which of their specific details were accessed in the incident.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” Hudson said.
“From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”
Many AFF members have already started receiving these emails, but it will take a bit of time for Qantas to send these to everyone affected.
What personal information was accessed?
Fortunately, no credit card details, passport numbers or frequent flyer account PINs were accessed in the data breach. But Qantas has today revealed the full extent of the customer information that was stolen.
Around 1.2 million of the customer records only contained names and email addresses. Another 2.8 million contained names, email addresses, Qantas Frequent Flyer account numbers and Qantas status tiers. Some of those records also included the person’s frequent flyer points balance and the number of status credits in their account.
The remaining 1.7 million records contained some or all of that information, as well as:
- Residential and/or business addresses (1.3 million customers)
- Dates of birth (1.1 million customers)
- Phone numbers (900,000 customers)
- Genders (400,000 customers)
- Meal preferences (10,000 customers)
What should you do?
At this stage, Qantas says that frequent flyer accounts remain secure.
Fortunately, Qantas Frequent Flyer has used two-factor authentication since 2019. This makes it much harder for bad actors to log into other people’s frequent flyer accounts. Since 2020, customers even have the option to set up two-factor authentication via an Authenticator App for added security.
For now, if you are in the group of customers whose frequent flyer status tier and points balance information was also breached, you should be especially vigilant of any emails you receive that claim to be from Qantas.
Someone with access to information such as your name, email, frequent flyer number, status tier and points balance could potentially send fraudulent emails which appear to be quite genuine emails from Qantas. If in doubt, you can check the domain of the email sender and contact Qantas to verify the legitimacy of any emails you receive.
You should also be especially careful of clicking on any links in emails or texts you receive which claim to be from Qantas, and do not give your Qantas Frequent Flyer PIN to anyone.
Qantas has set up a dedicated 24/7 support line for customers concerned about the data breach. You can call 1800 971 541 or +61 2 8028 0534 to speak to that team, or visit the Qantas website for more information about the breach and recommended actions.
