Millions of records — covering names, email address, phone numbers and even meal preferences — were held on the Qantas systems accessed in a “cyber incident”, the airline says.
Qantas said 5.7 million customer records were impacted when a third-party system used by an offshore call centre was hacked at the end of June.
It added that there is “no evidence” that personal data stolen from Qantas has been released, but was contacting customers to let them know what data of theirs was held in the system that was breached.
A significant portion of the records, totaling four million, included names, email addresses, and details related to Qantas Frequent Flyers. Some of these records also comprised tier levels, points balances, and status credits.
The addresses of around 1.3 million, phone numbers of 900,000, and meal preferences of 10,000 customers were held on the system.
Qantas CEO Vanessa Hudson said extra cybersecurity measures have been put in place and a review is underway.
She added: “Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible.”
The National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police have also been contacted by Qantas.
