In a statement released by the airline, Qantas confirmed it had identified suspicious activity on Monday within a third-party platform used by one of its contact centres.
This platform holds service records for approximately six million customers.
While the full extent of the breach is still under investigation, the airline said it expects the amount of data stolen to be “significant.”
An initial assessment revealed that the compromised information includes customer names, email addresses, phone numbers, birth dates and frequent flyer numbers.
The airline stressed that sensitive details such as credit card numbers, personal financial information and passport data were not stored in the affected system.
“Importantly, credit card details, personal financial information and passport details are not held in this system,” the statement read. “No frequent flyer accounts were compromised nor have passwords, PIN numbers or login details been accessed.”
Qantas said the affected system has been isolated and customers impacted by the breach will be contacted directly.
The breach has also been reported to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police.
