Last updated: 21 July 2025
Qantas is continuing to respond to the cyber incident that resulted in customer data being compromised.
The incident occurred when a cyber criminal targeted one of our airline contact centres and gained access to a third-party customer servicing platform.
We sincerely apologise for this incident and recognise the uncertainty it has caused.
Our focus is now on updating customers on the types of their personal data that was accessed, so that we can provide the appropriate advice and support to those affected.
Data that was compromised:
Qantas has progressed its forensic analysis of the customer data in the system that was compromised.
There is no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor.
Qantas has reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.
There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and log in details were not accessed or compromised. The data that was compromised is not enough to gain access to these Frequent Flyer accounts.
Specific data fields vary from customer to customer. Our analysis has found:
The majority of customer records that were compromised are limited to:
- Name and/or
- Email address and/or
- Qantas Frequent Flyer number (and in some cases, tier, status credits and points balance).
Some customer records include a combination of the ones above, and one or more of the following:
- Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
- Date of Birth
- Phone number - (mobile, landline and/or business)
- Gender
- Meal preferences.
Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.
How we’re communicating with you:
Qantas is emailing affected customers aged 15 and above for whom we hold an email address to advise them of the types of their personal data that was contained in the impacted system and provide advice and support. Please ensure you check your junk/spam folder.
To provide our Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the compromised system once you are logged into your account. We expect this capability will be available from later this week.
Support for customers:
Customers can continue to access our dedicated support line:
- Dedicated Support Line: 1800 971 541 or +61 2 8028 0534
- Available: 24/7
All customers have access to specialist identity protection advice and resources through this dedicated team.
For general enquiries, you can also contact Qantas Customer Care through our usual channels.
Upcoming travel:
If you have upcoming travel, there is nothing you need to do. You can check your flight details at any time via the Qantas App or our website.
Actions we are taking:
- We have increased resourcing in our contact centres and have a dedicated support line to support our customers.
- Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.
Additional advice:
We recommend that customers take the following general precautionary steps and remain vigilant to any misuse of their personal information:
- Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;
- Where available, use two-step authentication, such as an authentication application, for personal email accounts and other online accounts;
- Stay informed of the latest scams and the steps you can take to protect yourself online by visiting Scamwatch and Cyber.gov.au;
- Visit IDCARE's Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and
- Do not provide your online account passwords or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.
Customers who believe they have been targeted by scammers should report it to Scamwatch.