6 million hit in major airline data breach — everything you need to know

Man at airport terminal holding passport, ticket and phone
(Image credit: Shutterstock / TravnikovStudio)

The only airline in the world that flies to all seven continents, Qantas, has fallen victim to a cyberattack that has exposed the data of millions of customers.

As reported by Cybernews, a third-party platform used by the company’s contact center was breached on June 30th, 2025 by a cybercriminal who targeted a call center and successfully managed to gain access to a servicing platform. This gave them unauthorized access to the personal data of millions of Qantas customers. However, the company has stressed that the airline’s operations have not been affected and that only customer not company data was stolen in the attack.

The breached data includes names, email addresses, phone numbers, birth dates and frequent flyer numbers. Qantas has specifically said that the system does not store payment information such as credit card details, passport details or financial information. Likewise, no passwords, PIN numbers or login details were accessed, according to the airline’s statement.

While the exposed data is not as critical as it could have been, it’s still enough for hackers to compose phishing emails and scams to trick flyers and others into handing over additional information which can then be used for malicious activities and in other cyberattacks.

Qantas says it’s working alongside the Federal Government’s National Cyber Security Coordinator as well as other authorities.

How to stay safe after a data breach

An open lock depicting a data breach

(Image credit: Shutterstock)

Qantas says customers who think they may have been affected by this data breach can contact the company via its dedicated support lines which are available 24/7. The company is also offering access to identity protection advice and resources.

If you think your data has been compromised by this breach, you'll definitely want to look into those resources and take additional steps like signing up for one of the best identity theft protection services. However, it's worth noting that identity theft protection is the kind of thing you need to sign up for before an attack and not afterwards in order to claim identity theft insurance payouts.

You should also monitor all of your financial accounts for signs of fraud or abuse, and you may even want to freeze your credit with the three major credit bureaus: Equifax, Experian and TransUnion. This keeps cybercriminals with access to your stolen data from taking out loans in your name.

Keep in mind, once your data has been breached, threat actors will be looking to make you a target so be on alert for signs of phishing scams and social engineering attacks so you can watch out for them. You're always the last line of defense when it comes to malware, and threat actors will take all the information they have in order to try and trick you into clicking on a malicious link or downloading an app or software that appears legitimate but actually contains viruses.

Never click on unexpected links, QR codes or attachments or links from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Likewise, don't share personal information with people you don't know online, and clear out any old emails that may contain personal details and information.

With 6 million people affected, this data breach could have been a whole lot worse. Fortunately though, Qantas doesn't store its customers' personal and financial data in the same place. Still, a data breach like this one is the perfect reminder to carve out some time to improve your own cyber hygiene. That way, you'll be ready for when a big attack or breach comes.

More from Tom's Guide

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.