The only airline in the world that flies to all seven continents, Qantas, has fallen victim to a cyberattack that has exposed the data of millions of customers.
As reported by Cybernews, a third-party platform used by the company’s contact center was breached on June 30th, 2025 by a cybercriminal who targeted a call center and successfully managed to gain access to a servicing platform. This gave them unauthorized access to the personal data of millions of Qantas customers. However, the company has stressed that the airline’s operations have not been affected and that only customer not company data was stolen in the attack.
The breached data includes names, email addresses, phone numbers, birth dates and frequent flyer numbers. Qantas has specifically said that the system does not store payment information such as credit card details, passport details or financial information. Likewise, no passwords, PIN numbers or login details were accessed, according to the airline’s statement.
While the exposed data is not as critical as it could have been, it’s still enough for hackers to compose phishing emails and scams to trick flyers and others into handing over additional information which can then be used for malicious activities and in other cyberattacks.
Qantas says it’s working alongside the Federal Government’s National Cyber Security Coordinator as well as other authorities.
How to stay safe after a data breach
Qantas says customers who think they may have been affected by this data breach can contact the company via its dedicated support lines which are available 24/7. The company is also offering access to identity protection advice and resources.
If you think your data has been compromised by this breach, you'll definitely want to look into those resources and take additional steps like signing up for one of the best identity theft protection services. However, it's worth noting that identity theft protection is the kind of thing you need to sign up for before an attack and not afterwards in order to claim identity theft insurance payouts.
You should also monitor all of your financial accounts for signs of fraud or abuse, and you may even want to freeze your credit with the three major credit bureaus: Equifax, Experian and TransUnion. This keeps cybercriminals with access to your stolen data from taking out loans in your name.
Keep in mind, once your data has been breached, threat actors will be looking to make you a target so be on alert for signs of phishing scams and social engineering attacks so you can watch out for them. You're always the last line of defense when it comes to malware, and threat actors will take all the information they have in order to try and trick you into clicking on a malicious link or downloading an app or software that appears legitimate but actually contains viruses.
Never click on unexpected links, QR codes or attachments or links from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Likewise, don't share personal information with people you don't know online, and clear out any old emails that may contain personal details and information.
With 6 million people affected, this data breach could have been a whole lot worse. Fortunately though, Qantas doesn't store its customers' personal and financial data in the same place. Still, a data breach like this one is the perfect reminder to carve out some time to improve your own cyber hygiene. That way, you'll be ready for when a big attack or breach comes.
More from Tom's Guide
- Over half a million people impacted by major data breach — full names, SSNs, financial data and more exposed
- FBI warns scammers are posing as fraud investigators to steal sensitive healthcare info — what you need to know
- Xfinity just added Wi-Fi-powered motion tracking to its routers — here's why it could be a privacy nightmare
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
