Note: This article pertaining to Great. My Personal Information May Have Been Accessed By This “Cyber Incident” With Qantas Airways. was originally published on Friday, July 4, 2025 at 8:03 in the evening and has since been updated.
Great. My personal information was confirmed to have been accessed by this “cyber incident” with Qantas Airways, as sensitive customer information was exposed in a data security breach as the result of the actions of a “cyber criminal” who targeted one of the call centers of the airline in Manila on Monday, June 30, 2025 — meaning that your personal information may also especially be at risk if you one of the thousands of customers who was a passenger with the airline recently.
Update: My Personal Information Was Accessed By This “Cyber Incident” With Qantas Airways.
The following is a letter which I have received via e-mail message on Thursday, July 3, 2025 from Qantas Airways:
Hi,
I’m writing to inform you that we believe your personal information was accessed during the cyber incident we recently experienced. I want to personally apologise that this has happened and explain what we know and how we’re supporting you.
What happened
A cyber criminal targeted one of our airline call centres and gained access to a customer servicing platform. On Monday, we detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure.
Information that was accessed
Our initial investigations show the compromised data may include names, email addresses, phone numbers, birth dates and Frequent Flyer numbers.
Importantly, your credit card details, financial information and passport details were not accessed.
What we’re doing for you
Regular updates will be available on our dedicated webpage. We’ve also established a dedicated support line for affected customers on 1800 971 541 or +61 2 8028 0534, with access to specialist identity protection advice and resources through this team.
What you should do
We recommend:
- Remaining alert for unusual communications claiming to be from Qantas
- Being cautious of emails or calls asking for personal information or password
Remember, Qantas will never contact you requesting passwords, booking reference details or sensitive login information.
Your travel
If you have upcoming travel, you can check your flight details through the Qantas App or website as normal.
Our commitment
We’re taking this incident extremely seriously and working with government agencies and independent cyber security experts. We’re implementing additional security measures to strengthen system monitoring and protection of your information as part of our response. If we identify new important information as we continue to investigate and respond to this incident, we will share it with our customers.
Again, we are deeply sorry this occurred and our focus is on doing all we can to support you.
Vanessa Hudson
CEO
Qantas Group
“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts”, according to this message at the official Internet web site of Qantas Airways. “We have also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.”
How nice. I feel better already.
As an update, I did receive another letter via e-mail message on Tuesday, July 8, 2025 from Qantas Airways:
Dear Qantas Customer,
I am writing to provide you with an update on your data that was accessed as part of the recent cyber incident.
On Monday 30 June 2025, we detected unusual activity on a third-party platform used by a Qantas Airline contact centre. We took immediate steps and contained the system.
I know this incident has been concerning and I am deeply sorry for the uncertainty this has caused.
What specific data of yours was accessed?
Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:
- Name
- Email address
Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may receive a separate notification to each impacted email address.
There is no evidence that any stolen personal data has been released but, with the support of specialist cyber security experts, we continue to actively monitor.
I’d like to reassure you that our investigation has reaffirmed that no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.
What steps can I take to protect myself?
We recommend that you take the following general precautionary steps and remain vigilant to any misuse of your personal information:
- Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;
- Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;
- Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage;
- Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and
- Do not provide your online account passwords, or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.
Customers who believe they have been targeted by scammers, should report it to Scamwatch.
Support available
You put your trust in us with your personal information, and we take that responsibility very seriously.
If you have any concerns, please contact our dedicated 24/7 customer support line at 1800 971 541 or +61 2 8028 0534.
You’ll be able access specialist identity protection advice and resources through this team.
We appreciate your patience while we worked through this investigation and sincerely apologise.
Vanessa Hudson
CEO
Qantas Group
I then received yet another update from Qantas Airways via e-mail message on the morning of Friday. July 11, 2025:
Dear Qantas Customer,
We are writing to provide you with an update following our previous email about the cyber incident on Monday 30 June 2025.
Additional data type identified
Our ongoing investigation has identified that your phone number details were accessed in addition to the data types we previously advised.
What you should do
We recommend you remain vigilant for any unexpected contact by phone, in addition to the email and text message precautions we outlined in our previous communication.
All customers continue to have access to our dedicated 24/7 customer support line at 1800 971 541 or +61 2 8028 0534. Please make use of this support for access to specialist identity protection advice and resources if you have any concerns.
Qantas
Approximately 5.7 million unique customer records were found in the system after duplicate records were removed — including:
- 4 million records, which included name, e-mail address, and Qantas Frequent Flyer membership account details
- 1.2 million with only the name and e-mail message, which is the group that I am in
- 2.8 million with name, e-mail address, and Qantas Frequent Flyer membership number
- 1.7 million records, which included combinations of:
- 1.3 million by addresses of places which include homes, businesses, and hotel and resort properties for lost baggage delivery
- 1.1 million by date of birth
- 900,000 by telephone numbers, which is also the group that I am in
- 400,000 by ender
- 10,000 by meal preferences
Final Boarding Call
I suppose that dealing with the after effects of Tropical Cyclone Alfred were not enough — but looking at this with a positive note, at least only my name and e-mail address were accessed. This issue could have been significantly worse.
I am fortunate that I do not have a membership account with Qantas Airways, as I earned miles in the American Airlines AAdvantage membership program for my trip to Australia earlier this year — so perhaps the chance of my miles being stolen may be mitigated. I also have no upcoming travel scheduled with the airline.
Still, I might get flooded with junk mail — like I have nothing better to do with my time.
Between the incidents involving The Hertz Corporation, Delta Air Lines, Hyatt Corporation, Hilton, Kimpton Hotels and Restaurants, British Airways, Marriott, Facebook, Equifax, and other various companies over the years, protecting your sensitive information has become almost impossible to do…
…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are unconcerned about confronting the seriousness of such breaches and attacks.
If you were affected by the latest breach of sensitive data with Qantas Airways, you would have received an official notice as I did. Forget about looking forward to any meaningful compensation: greater than 344 million customers — including me, when my Starwood Preferred Guest account was compromised and wiped out back on Friday, January 16, 2015 before the issue was initially resolved six days later — were affected by the data breaches over the years with both Marriott International, Incorporated and Starwood Hotels & Resorts Worldwide LLC. The $52 million that Marriott International, Incorporated was ordered to pay by the Federal Trade Commission of the United States comes out to…
…are you ready?…
…approximately 15 cents per person — and that is not including legal fees or other expenses.
Don’t think that you should feel more safe and secure with regard to your personal information and data, as another breach in the security of your — as well as my — sensitive data is inevitable sometime in the near future…
All photographs ©2025 by Brian Cohen.
