Qantas begins emailing customers with hack details

Separately, the airline has also revealed that 5.7 million passengers were targeted in total, and broken down the number of those whose names, emails, phone numbers, and other data fields were compromised.

The incident reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information.

While no group has claimed responsibility, reports suggest that a hacking collective known as Scattered Spider may be behind the attack.

On Wednesday, Qantas sent a new email to customers, written by chief executive Vanessa Hudson.

“On Monday, 30 June 2025, we detected unusual activity on a third-party platform used by a Qantas Airline contact centre,” it reads. “We took immediate steps and contained the system. I know this incident has been concerning, and I am deeply sorry for the uncertainty this has caused.”

The email explains that Qantas’ cyber security teams have been investigating the data compromised in the incident, and that they’re now able to confirm that, in the case of the email seen by Australian Aviation, the customer’s name, Qantas Frequent Flyer number, and Frequent Flyer Tier were all compromised.

VIEW ALL

“Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may receive a separate notification to each impacted email address,” the email said.

“There is no evidence that any stolen personal data has been released, but with the support of specialist cyber security experts, we continue to actively monitor.”

Qantas said no passwords or PINs were compromised, and Frequent Flyer accounts remained secure. More information would be available to customers this week.

“To provide our Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the compromised system once you are logged into your account,” the email said.

“We expect this capability will be available from later this week.”

At the same time, the airline has also now confirmed that the number of customers impacted was 5.7 million. Four million customers have had their names, email addresses, and Frequent Flyer numbers compromised. Of this number, 1.2 million records contained a name and email address, while 2.8 million included name, email address and Frequent Flyer number, and in some cases their tier.

The breakdown of the remaining 1.7 million customers includes the following:

• Address: 1.3 million. This is a combination of residential addresses and business addresses, including hotels, for misplaced baggage delivery.
• Date of birth: 1.1 million
• Phone number (mobile, landline and/or business): 900,000
• Gender: 400,000. This is separate from other gender identifiers like name and salutation.
• Meal preferences: 10,000

“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened,” Hudson said in an update on the Qantas News Room.

“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”

Security analysts believe the attack was likely carried out by a hacking collective known as Scattered Spider, which was behind a recent spate of attacks targeting retailers in the UK.