Qantas can confirm that a cyber incident has occurred in one of its contact centres impacting customer data. The system is now contained.

We understand this will be concerning for customers. We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available.

The incident occurred when a cyber criminal targeted a call centre and gained access to a third party customer servicing platform.

There is no impact to Qantas’ operations or the safety of the airline.

What we know

On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre.  We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure.

There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

Importantly, credit card details, personal financial information and passport details are not held in this system. No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed.

Actions we are taking

While we conduct the investigation, we are putting additional security measures in place to further restrict access and strengthen system monitoring and detection.

Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

Qantas has established a dedicated customer support line as well as a dedicated page on qantas.com to provide the latest information to customers. We will continue to share updates including via our website and social channels.

Qantas Group Chief Executive Officer Vanessa Hudson said:

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously.

“We are contacting our customers today and our focus is on providing them with the necessary support.

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”