Millions of Qantas Customer Records Potentially Compromised in Data Breach

Customer information stored on a third-party platform was accessed in a breach Australian airline company Qantas is still assessing.

Qantas discloses major data breach

Australian airline Qantas has disclosed a cybersecurity breach that may have compromised sensitive details belonging to 6 million customers. The incident, announced Wednesday, stemmed from a third-party platform used by one of the airline’s contact centers.

Although the affected system is not owned by Qantas directly, it hosted a plethora of personal data, including full names, email addresses, birth dates, phone numbers, and frequent flyer membership numbers.

Qantas reported that the breach was discovered on June 30 after the company detected unusual activity on an external platform. The airline said it acted swiftly to contain the issue, emphasizing that its core systems remained unaffected. In a public statement, the company said the compromised platform does not store financial information such as credit card numbers or passport details, offering some reassurance to affected customers.

Scope of exposure still under investigation

While the airline acknowledges that 6 million records were hosted on the compromised system, it has yet to determine how many were actually accessed by attackers. In its communication, Qantas noted that “the proportion of the data that has been stolen” is still being assessed, but it could be “significant.”

The company has committed to notifying customers individually if their information is believed to be among the data compromised.

At this stage, the airline has not confirmed which specific platform has been targeted, nor has it attributed the breach to any particular threat actor.

Assurance and ongoing response

Qantas has reiterated that its flight operations and booking systems remain secure and unaffected. Efforts are underway to complete a forensic investigation into the breach, with the airline cooperating closely with cybersecurity experts and relevant authorities.

While the full scope of the breach remains unclear, Qantas has emphasized its commitment to transparency and customer protection. The company vowed to share further updates and guidance with impacted individuals as more information becomes available.

How to manage the fallout of a data breach

Data breaches strike mercilessly and without prior notice. Once you hand your data to a company, there’s little you can do to prevent it from being leaked if the company suffers a data breach.

However, this doesn’t mean you shouldn’t be prepared. Using dedicated solutions like Bitdefender Digital Identity Protection can help you monitor the extent of your online data. It constantly scans both the public and the Dark Web for traces of your data, notifies you instantly if you have been exposed in a breach, and lets you patch weak spots in your digital footprint with quick, one-click action items.