Qantas says customer data stolen in global cyberattack

[A hacker breaching a computer firewall]
Richard Drury

Qantas Airways (OTCPK:QABSY [https://seekingalpha.com/symbol/QABSY]) (OTCPK:QUBSF [https://seekingalpha.com/symbol/QUBSF]) said Sunday that personal information belonging to millions of its customers was stolen and partially leaked online following a July cyberattack that affected companies around the world.

In a statement [https://www.qantasnewsroom.com.au/qantas-responds/update-on-july-cyber-incident/], the Australian flag carrier said hackers gained access to about 5.7 million customer records through a third-party customer service platform used by one of its call centers. Qantas (OTCPK:QABSY [https://seekingalpha.com/symbol/QABSY]) (OTCPK:QUBSF [https://seekingalpha.com/symbol/QUBSF]) described the incident as part of a broader, coordinated campaign that targeted multiple organizations globally but didn’t identify the vendor involved or disclose which other companies were impacted.

The airline hasn’t said how much of the stolen data has appeared online.

DATA EXPOSED INCLUDES FREQUENT-FLYER DETAILS

According to Qantas (OTCPK:QABSY [https://seekingalpha.com/symbol/QABSY]) (OTCPK:QUBSF [https://seekingalpha.com/symbol/QUBSF]), most of the compromised information includes names, email addresses and frequent-flyer numbers, while a smaller portion contains addresses, birth dates, phone numbers, gender information and meal preferences. The company said no further intrusions have been detected and that it is working closely with Australian cybersecurity authorities.

Qantas said it has also obtained a court injunction intended to block access or distribution of the stolen files, prohibiting anyone from “viewing, releasing, using, transmitting or publishing” the data.

PART OF A BROADER CYBER CRISIS IN AUSTRALIA

Australia has faced a series of large-scale data breaches in recent years affecting telecommunications, health and aviation companies.

In 2022, Optus disclosed what was then the country’s largest known breach, exposing data from nearly 9.8 million customers, including identification numbers and birth dates. Later that year, Medibank Private confirmed hackers had accessed sensitive health data from about 9.7 million policyholders, prompting regulatory action from the Office of the Australian Information Commissioner (OAIC).

In 2024, the federal government revealed that MediSecure, an electronic prescription service provider, was the target of a cyberattack affecting about 13 million Australians.

The OAIC reported that 1,113 data breaches were logged in Australia in 2024, the highest number since mandatory reporting began in 2018 and a 25% increase from the previous year’s total.

Qantas (OTCPK:QABSY [https://seekingalpha.com/symbol/QABSY]) (OTCPK:QUBSF [https://seekingalpha.com/symbol/QUBSF]) said it continues to monitor the situation and has strengthened its data protection measures in response to the attack.

MORE ON QANTAS AIRWAYS LIMITED

* Seeking Alpha’s Quant Rating on Qantas Airways Limited [https://seekingalpha.com/symbol/QABSY/ratings/quant-ratings]
* Historical earnings data for Qantas Airways Limited [https://seekingalpha.com/symbol/QABSY/earnings]
* Dividend scorecard for Qantas Airways Limited [https://seekingalpha.com/symbol/QABSY/dividends/scorecard]
* Financial information for Qantas Airways Limited [https://seekingalpha.com/symbol/QABSY/income-statement]