Qantas Data Breach Exposes 5.7 Million Customers: What This Means for Customer Service Security

Australian Airline Says Hackers Leaked Data on Its Customers

Qantas Airways announced on Sunday that personal data of its customers had leaked online after being stolen in a July cyberattack that targeted companies worldwide.

Credit: Hollie Adams/Reuters

How the Breach Happened

Qantas revealed that cybercriminals stole 5.7 million customer records by targeting a call center that used a third-party customer service platform. The airline confirmed it was one of several companies affected by this global attack, though it did not name the specific platform or other affected organizations.

What Information Was Compromised

Most of the stolen records contained names, email addresses, and frequent-flyer details. A smaller portion included more sensitive information such as:

• Business or home addresses
• Dates of birth
• Phone numbers
• Gender information
• Meal preferences

Company Response and Security Measures

Qantas stated that no further intrusions have occurred and the company is cooperating with Australian security agencies. The airline also obtained a court injunction to prevent the stolen data from being "accessed, viewed, released, used, transmitted or published."

Expert Opinion on the Situation

Troy Hunt, a prominent Australian cybersecurity expert, noted that this appears to be the first leak stemming from the July attack. However, he expressed skepticism about the effectiveness of court injunctions in such cases, stating: "It's completely useless. Such orders essentially just ask criminals not to publish stolen data."

Broader Context of Australian Data Breaches

This incident follows a pattern of major data breaches affecting Australian companies across various sectors:

• In 2022, Optus experienced a breach compromising information for nearly 9.8 million customers
• The same year, Medibank Private reported hackers accessed data from about 9.7 million policyholders
• In 2024, MediSecure sustained a cyberattack affecting approximately 13 million people

Rising Trend in Data Breaches

According to the Office of the Australian Information Commissioner, Australian businesses and government agencies reported 1,113 data breaches in 2024 - the highest number since mandatory reporting began in 2018. This represents an approximately 25% increase from the 893 breaches reported the previous year.