If you’re a Qantas customer, you might have heard some unsettling news recently. On June 30, 2025, Australia’s flagship airline discovered that cybercriminals had accessed a third-party platform used by their contact centres, potentially exposing the personal information of up to 6 million customers. If you’re feeling a bit anxious about this, you’re not alone: and more importantly, there are concrete steps you can take to protect yourself.
Let’s break down what happened, what it means for you, and exactly what you should do if your data was caught up in this digital turbulence.
What Actually Happened?
Qantas detected unusual activity on a third-party platform that their contact centres use to manage customer interactions. A cybercriminal managed to gain unauthorized access to this system, which contained customer data spanning several years of airline operations.
The good news? This wasn’t a complete system takeover. The hackers didn’t get into Qantas’s main booking systems, frequent flyer accounts, or payment processing systems. But they did manage to access a significant amount of customer information that could potentially be misused.
What Information Was Exposed?
Here’s what we know about the data that was compromised. The extent varies depending on your individual customer record, but the exposed information includes:
Basic information that most affected customers had exposed:
- Names and email addresses
- Qantas Frequent Flyer numbers
- Tier status and points balances
- Status credits
Additional information that some customers had exposed:
- Residential and business addresses
- Dates of birth
- Phone numbers (mobile, landline, or business)
- Gender
- Meal preferences
- Hotel addresses (for misplaced baggage delivery)
What wasn’t accessed (and this is crucial):
- Credit card details
- Bank account information
- Passwords or PINs
- Passport numbers
- Login credentials
If you have multiple email addresses with Qantas, you might have multiple affected records, as the system treats each unique email as a separate customer profile.
Why Do Big Breaches Like This Make Headlines?
You might wonder why a data breach involving an airline captures so much attention. The truth is, when major companies like Qantas experience breaches, it highlights just how vulnerable our digital lives have become.
Airlines are particularly attractive targets for cybercriminals because they hold vast amounts of personal data from travellers worldwide. Think about it: when you book a flight, you provide your full name, contact details, travel dates, and often passport information. This creates a treasure trove of data that can be incredibly valuable on the dark web.
Moreover, airline customers tend to be frequent travellers, often business professionals with higher disposable incomes, making them prime targets for sophisticated scams. The combination of detailed personal information and the assumption of affluence makes airline data breaches particularly concerning for both customers and cybersecurity experts.
Immediate Steps You Should Take
If you’re a Qantas customer (and let’s face it, if you’re Australian, you probably are), here’s your action plan:
1. Check Your Email and Qantas Account
Qantas is directly contacting affected customers aged 15 and above via email. Check both your inbox and spam folder for official communications from Qantas. The email will specify exactly what types of your personal data were in the compromised system.
You can also log into your Qantas Frequent Flyer account, where you’ll find information about what data of yours was held in the affected system.
2. Change Your Passwords
Even though passwords weren’t accessed in this breach, it’s always good practice to update your passwords after any data incident. Start with:
- Your Qantas account password
- Email account passwords (especially the one associated with your Qantas account)
- Any other travel-related accounts
Use strong, unique passwords for each account. If managing multiple passwords feels overwhelming, consider using a reputable password manager, such as Google Password manager, Bitwarden or Nordpass.
3. Set Up Fraud Alerts
Contact your bank and credit card companies to let them know about the breach. While financial information wasn’t directly accessed, the personal details that were stolen could be used to attempt identity theft or social engineering attacks on your financial accounts.
Many Australian banks offer free fraud monitoring services: now might be a good time to activate these if you haven’t already.
4. Be Extra Vigilant About Scams
This is where things get tricky. Armed with your name, email, frequent flyer details, and travel preferences, scammers can create incredibly convincing phishing attempts. Be suspicious of:
- Emails claiming to be from Qantas asking you to “verify” additional information
- Phone calls from people claiming to be from Qantas, airlines, or travel companies who already know some of your details
- Fake booking confirmations or travel deals that seem too good to be true
- Messages asking you to click links to “secure your account” or “claim compensation”
Remember: legitimate companies will never ask for sensitive information via email or unsolicited phone calls.
5. Monitor Your Accounts Closely
Keep a close eye on your:
- Bank and credit card statements
- Qantas Frequent Flyer account activity
- Email accounts for suspicious activity
- Credit report (you can get a free credit report annually from each of the major credit reporting agencies in Australia)
Set up account alerts where possible so you’re notified immediately of any unusual activity.
6. Consider Replacing Important Documents
If you’re particularly concerned about identity theft, you might want to consider:
- Updating your driver’s licence (if your address was in the breach)
- Being extra cautious about passport security
- Reviewing what personal information you share with airlines and other travel companies in future
Staying Protected Long-Term
While this breach is concerning, it’s also a good reminder to strengthen your overall digital security posture:
Use unique contact details strategically: Consider using different email addresses for different types of services. This way, if one account is compromised, criminals don’t gain access to your entire digital life.
Enable two-factor authentication: Wherever possible, activate two-factor authentication on your important accounts. This adds an extra layer of security even if your password is compromised.
Stay informed: Follow Qantas’s official communications and reputable Australian cybersecurity news sources for updates about the breach and any new protective measures you should take.
Trust your instincts: If something feels off about an email, phone call, or message: even if the person knows some of your details: trust that feeling and verify independently.
The Bigger Picture
Data breaches like the Qantas incident remind us that in our interconnected world, cybersecurity isn’t just an IT department’s responsibility: it’s something we all need to think about. Whether you’re an individual traveller or a business owner, having robust cybersecurity practices isn’t optional anymore; it’s essential.
For Australian businesses watching this unfold, it’s a stark reminder of the importance of having comprehensive cybersecurity measures in place, regular security audits, and clear incident response plans. The reputational and financial impact of a breach can be enormous, and prevention is always better than cure.
At Cloud Computer Company, we help Australian businesses and individuals strengthen their cybersecurity readiness. From secure cloud solutions to comprehensive IT support, we understand that protecting your digital assets: and your customers’ trust: is paramount in today’s landscape.
If the Qantas breach has made you think more seriously about your own cybersecurity setup, whether personal or business, we’re here to help you navigate these choppy digital waters and land safely.
