Qantas begins telling some customers that mystery attackers have their home address

(2025/07/09)


Qantas says that when cybercrooks attacked a "third party platform" used by the airline's contact center systems, they accessed the personal information and frequent flyer numbers of the "majority" of the circa 5.7 million people affected.

The Aussie airline said today this personal information includes names and/or email addresses, and warned frequent flyer numbers, customer tiers, status credits, and points balances might also be compromised.

In a "minority" of the total number of cases – reportedly up to one million people – other data points were also revealed. These include:

Physical addresses (residential addresses and business addresses, including hotels for misplaced baggage delivery)

Dates of birth

Phone numbers

Genders

Meal preferences

No doubt hoping to mitigate worries about exposing physical addresses, the airline said its investigations showed that many of these were years old and potentially outdated, while others were only partially completed (postcodes only).

Qantas told [1]Reuters that of the 5.7 million customers affected by its break-in, the name, phone number, and/or physical address of around 1 million was accessed by the crooks, while for the bulk of the customers – 4 million – "only" their name and email address was accessed.

Number trouble

If you're wondering why the number of affected individuals is now 5.7 million compared to [2]our previously reported 6 million, there's an explanation for that.

Qantas said it originally understood that 6 million was the magic number but upon review, duplicate records were skewing the total upward, leaving a final 5.7 million.

As for the remaining 700k, The Register asked the airline about that, but it did not immediately respond.

Customers aged 15 and above will be notified directly of exactly how their data was impacted by the attack, Qantas said.

Those signed up to the airline's frequent flyer program will also be able to view their affected data types via their account page as part of a new feature to be launched later this week.

Qantas assured those due to travel on its flights that they do not need to do anything differently, but warned those affected to be extra vigilant against scams, phishing attempts, and the like.

"We have increased resourcing in our contact centers and have a dedicated support line to support our customers," its website states.

"Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorized access, including requiring additional identification for account changes."

The airline added that it is not aware of crooks releasing customer data on the dark web, but is actively monitoring to see if that changes.

Qantas has not confirmed what kind of attack this was, whether it was a pure-play data grab or if ransomware and/or extortion were involved.

On its [11]FAQ page, it said its IT systems are safe to use: "We took immediate steps and contained the system, and Qantas systems remain secure."

Nothing is confirmed with regards to who was behind the attack, but the break-in at Qantas followed similar raids at other airlines such as [12]Hawaiian and [13]WestJet, prompting experts to issue warnings about [14]Scattered Spider's apparent change in tack. ®



[1] https://www.reuters.com/world/asia-pacific/qantas-confirms-over-million-customers-personal-information-leaked-2025-07-09/

[2] https://www.theregister.com/2025/07/02/qantas_data_theft/

[7] https://www.theregister.com/2025/07/02/qantas_data_theft/

[8] https://www.theregister.com/2025/07/08/suspected_scattered_spider_domains_target/

[9] https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/

[10] https://www.theregister.com/2024/11/15/tool_found_in_a380_engine/

[11] https://www.qantas.com/gb/en/support/information-for-customers-on-cyber-incident.html#cmp-anchor-links

[12] https://www.theregister.com/2025/06/27/aloha_youve_been_pwned_hawaiian/

[13] https://www.theregister.com/2025/06/16/westjet_cybersecurity_snafu/

[14] https://www.theregister.com/2025/06/30/scattered_spider_aviation/

[15] https://whitepapers.theregister.com/



"less serious data points like meal preferences also leaked"

Anonymous Coward

Hmm, that along with home address might be useful for an Islamic/Zionist terrorist to search for those with Kosher/Halal meal choices to pick victims.

Anonymous Coward

Hmm, that along with home address might be useful for a Christian terrorist to search for those who don't eat pork.

Your point being?

/sarcasm

BartyFartsLast

Point being dog whistle racism and usual divisive rhetoric by one of the regular shills, trolls, assholes etc.

Nothing is private

Stoic Skeptic

Is there anyone that believes that any aspect of their lives isn't already for sale on the dark web?

It's Australia

Ken G

Unless the mystery attackers are spiders, they're probably safe