The airline confirmed that a “potential cybercriminal” had been in contact but would not reveal whether a ransom was being sought.
“There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cybersecurity experts, we continue to actively monitor,” the airline said.
“As this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the detail of the contact.”
The airline first detected suspicious activity linked to a third-party platform used by its offshore call centre in Manila, prompting an urgent investigation.
Exposed information may include names, dates of birth, email addresses and frequent flyer numbers.
Qantas publicly acknowledged the breach last Wednesday, stating it had been “contained” and that no financial or passport details had been accessed.
More than 5,000 customers have contacted the airline since the breach became public, prompting a personal apology from CEO Vanessa Hudson.
“We know that data breaches can feel deeply personal,” Ms Hudson said. “We’re focused on providing answers and transparency our customers deserve.”
The airline warned customers to remain “alert for unusual communications claiming to be from Qantas”.
New security measures have been added for customers’ frequent flyer accounts, including requiring extra identification for any charges.
