Australian airline Qantas has confirmed that it was the target of a serious cyberattack, during which unauthorized access was gained to the data of as many as four million users of the Qantas Frequent Flyer loyalty program. The company stated that the compromised data included names, email addresses, and membership details, with varying levels of exposure among affected users.
Out of the four million compromised records, 1.2 million contained only names and email addresses, while the data of 2.8 million users also included their Qantas Frequent Flyer membership numbers. For most of these users, their membership status was visible, and for a smaller number, their points balance and the number of earned status credits were also exposed.
Additionally, records for the remaining 1.7 million users included combinations of the aforementioned data along with other sensitive information. For 1.3 million users, residential or business addresses were exposed, including hotel addresses used for lost baggage deliveries. Dates of birth were compromised for 1.1 million users, while phone numbers — including mobile, landline, and business lines — were affected for 900,000 individuals. There was also a data leak involving the gender of 400,000 users and dietary preferences for about 10,000 members.
The company emphasized that the incident was limited to an internal system and was not connected to an external attack on core infrastructure or the broader IT system. All affected users were directly notified by Qantas, which also activated additional security measures, including monitoring for suspicious activity and resetting security settings. Support and guidance on protecting personal data were also offered to users.
Qantas is working with government cybersecurity agencies and independent experts to thoroughly investigate the incident. The company stated that user security and privacy are top priorities and that additional efforts are being made to strengthen data protection. This incident comes at a sensitive time for the Australian aviation sector, which is recovering from the effects of the pandemic and facing growing pressure in the area of digital security.
Australia’s national carrier has apologized to affected users for the concern this incident may have caused and encouraged them to contact customer support if they notice any irregularities or have further questions. More information about the exact cause of the incident and any potential system failures is expected in the coming weeks.
