Qantas cyber incident
We are aware of increased reports of scammers impersonating Qantas.
These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.
There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.
Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.
There is still no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor.
If you have a customer who believes they have been targeted by scammers, please advise them to report it immediately to Scamwatch.
Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.
Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.
- Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;
- Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;
- Never provide online account passwords, or any personal or financial information;
- Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;
- Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information;
Customers can continue to access our dedicated support line on 1800 971 541 or +61 2 8028 0534 and have access to specialist identity protection advice and resources through this team.
To help further protect our customers impacted by the recent cyber incident, Qantas has obtained an interim injunction in the NSW Supreme Court.
This prevents the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties.
We want to do all we can to protect our shared customers’ personal information and believe this was an important next course of action.
We would like to reassure customers that there continues to be no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.
Our focus continues to be on doing all we can to support our affected customers.
Once again, we sincerely apologise to all of our customers that this occurred.
What happened
On Monday 30 June 2025, we detected unusual activity on a third-party platform used by a Qantas airline contact centre. We immediately contained the system and can confirm Qantas systems remain secure.
We are continuing to investigate the proportion of data that has been stolen. Our initial investigations show the compromised data includes some names, email addresses, phone numbers, date of birth and frequent flyer numbers.
Data that was compromised
Qantas has progressed its forensic analysis of the customer data in the system that was compromised.
There is no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor.
Qantas has reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.
There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and log in details were not accessed or compromised. The data that was compromised is not enough to gain access to these Frequent Flyer accounts.
Specific data fields vary from customer to customer. Our analysis has found:
The majority of customer records that were compromised are limited to:
- Name and/or
- Email address and/or
- Qantas Frequent Flyer number (and in some cases, tier, status credits and points balance).
Some customer records include a combination of the ones above, and one or more of the following:
- Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
- Date of Birth
- Phone number - (mobile, landline and/or business)
- Gender
- Meal preferences.
We can confirm outside of some residential and business addresses, including hotels for baggage services, there are a number of these fields that are invalid.
Not all are full addresses, some are postcode only, and some are a number of years old, for example. However, we have decided to notify everyone that had a potential address field populated in an effort to be transparent as possible.
Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.
How we're communicating with customers
Qantas is emailing affected customers aged 15 and above for whom we hold an email address to advise them of the types of their personal data that was contained in the impacted system and provide advice and support. Customers are advised to check their junk/spam folder.
To provide our Qantas Frequent Flyers with further visibility, they will be able to view the types of their data that were held on the compromised system once they are logged into their account. We expect this capability will be available from later this week.
Supporting our customers
For further information, refer to our dedicated support line on 1800 971 541 or +61 2 8028 0534, including specialist identity protection advice, or visit our webpage.
Your customers' travel plans
If customers have upcoming travel, there is nothing they need to do. There is no impact to Qantas operations or the safety of the airline. Customers can check their flight details at any time via the Qantas App or via our website.
Actions we are taking:
- We have increased resourcing in our contact centres and have a dedicated support line to support our customers.
- Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.
Additional advice
We recommend that customers take the following general precautionary steps and remain vigilant to any misuse of their personal information:
- Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;
- Where available, use two-step authentication, such as an authentication application, for personal email accounts and other online accounts;
- Stay informed of the latest scams and the steps you can take to protect yourself online by visiting Scamwatch and Cyber.gov.au;
- Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and
- Do not provide your online account passwords or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.
Customers who believe they have been targeted by scammers should report it to Scamwatch.