Information for customers on cyber incident

On Monday 30 June 2025, we detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the incident. We can confirm Qantas systems remain secure.

We will have emailed you directly, advising you on the types of your personal information impacted by the incident.

Customers who do not receive this email should check their spam or junk folder.  

Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may have received a separate notification to different impacted email addresses.

Yes. We disclosed this incident to the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, as well as privacy and data protection regulators in a number of other relevant jurisdictions, including the Office of the Privacy Commissioner in New Zealand (in accordance with section 114). 

Given the criminal nature of this incident, the Australian Federal Police were notified. We have also worked closely with independent specialised cyber security experts in relation to this incident.

We are aware of increased reports of scammers impersonating Qantas. 

These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications. Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

• We felt this was an important course of action to further protect our customers.
• The injunction we have obtained prevents the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties.

We have established a dedicated customer support line on 1800 971 541 or +61 2 8028 0534. This is available 24/7.

Our customers have access to specialist identity protection advice and resources through this team.

Customers can also submit general enquiries or complaints via our Customer Care feedback form.

We are committed to addressing your concerns regarding the handling of your personal information and encourage you to contact us directly. If your concerns have not been addressed, you may contact our Privacy Officer/Data Protection Officer at PrivacyOfficer@qantas.com.au.

If you are a New Zealand resident, you have the right to lodge a complaint with the  Office of the Privacy Commissioner. Go to privacy.org.nz/your-rights/making-a-complaint to find out more. If you reside elsewhere, you may also have a right to raise the matter with the appropriate data privacy and data protection authority regulator in your region.

The latest updates will be shared with customers on this page.

Frequent Flyers can continue to engage in the program and with partners as normal.  

Frequent Flyer passwords, PINs and log in details were not accessed or compromised, but customers can update these details at any time.  

The information accessed in the incident is not enough to gain access to Frequent Flyer accounts.   

In addition, all Frequent Flyer accounts by default have multi-factor authentication or two-factor authentication already enabled.  This could be a one-time password being sent to the registered mobile number or email, answering security questions or through the Authenticator App.  

This dedicated page includes the most up to date information.

You can also contact our dedicated support line on 1800 971 541 or +61 2 8028 0534 if you have specific concerns or questions.

Emails from Qantas will always come from a domain that ends in qantas.com. For example, an email from @loyalty.qantas.com is legitimate, as it ends in .qantas.com.

It is important you check the email address that the email has been sent from, not the display name. The display name can be made to look legitimate when it is not, which is why it is important to check the address the email has been sent from.

Emails from domains that do not end in qantas.com or qantas.com.au should be reported. (i.e qantas.net or qantas.biz)

If you do receive any suspicious emails, text messages or calls from someone purporting to be Qantas, you can report this via our Dedicated Support Line on 1800 971 541 or +61 2 8028 0534.

You can also report scams at Scamwatch or contact your local authorities if you're outside Australia.

For additional advice, please visit Act Now. Stay Secure.

If you wish to update your profile, including contact details, you can do so online via the following steps:

1. Log in to Qantas Frequent Flyer at qantas.com
2. Click on Profile, then My Profile, then Personal Information
3. You can then change your information, including contact details, PIN, and security questions, as well as set up a digital authentication app.

There is no requirement to reset your password or PIN.

Qantas Frequent Flyer passwords, PINs and log in details were not accessed or compromised in the incident, but customers can update these details at any time.

All Frequent Flyer accounts by default have multi-factor authentication (MFA) or two-factor authentication (2FA) already enabled.

This could be a one-time password (OTP) being sent to the registered mobile number or email, or answering security questions or the Authenticator app.

For added account security, we recommend customers use an authenticator app as an additional MFA/2FA option, and follow the account security guidelines found here.

We took immediate steps and contained the system, and Qantas systems remain secure.

There is nothing to indicate that points were stolen in connection with this incident.

If you have upcoming travel, you can check your flight details through the Qantas App or website as normal.

Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect these from unauthorised access, including requiring additional identification for account changes.  

We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts. We have also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

As Qantas works through its incident response, it has determined that there are a number of address fields that were held in the system that was compromised. 

We can confirm outside of some residential and business addresses, including hotels for baggage services, there are a number of these fields that are invalid. 

Not all are full addresses, some are postcode only, and some are a number of years old, for example. However, we have decided to notify everyone that had a potential address field populated in an effort to be transparent as possible.

We recommend that customers take the following general precautionary steps and remain vigilant to any misuse of their personal information: 

• Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels; 
• Where available, use two-step authentication, such as an authentication application, for personal email accounts and other online accounts. This adds an extra layer of protection; 
• Stay informed of the latest scams and the steps you can take to protect yourself online by visiting Scamwatch and Cyber.gov.au;
• Visit IDCARE's Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and 
• Do not provide your online account passwords or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers who believe they have been targeted by scammers should report it to Scamwatch.

Our email notifications were sent based on individual customer records in the impacted system. Here's how our email notifications were addressed:

• Dear Qantas Customer: This means we didn’t have a complete name in the customer record, and/or we couldn't link that customer record to a Frequent Flyer account.
• Dear [Name]: This means we did have a complete name in the customer record, or we were able to successfully link your customer record to your Frequent Flyer account.

You may have received multiple email notifications if you had more than one customer record in the impacted system.

We are aware of increased reports of scammers impersonating Qantas. 

These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

• Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

• Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

• Never provide your online account passwords, or any personal or financial information;

• Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

• Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Customers can continue to access our dedicated support line on 1800 971 541 or +61 2 8028 0534. This service remains available 24/7 and customers have access to specialist identity protection advice and resources.

We are aware of increased reports of scammers impersonating Qantas. 

These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

• Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

• Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

• Never provide your online account passwords, or any personal or financial information;

• Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

• Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Customers can continue to access our dedicated support line on 1800 971 541 or +61 2 8028 0534. This service remains available 24/7 and customers have access to specialist identity protection advice and resources through this team.

We are aware of increased reports of scammers impersonating Qantas. 

These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

There is still no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor. 

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

• Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

• Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

• Never provide your online account passwords, or any personal or financial information;

• Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

• Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Customers can continue to access our dedicated support line on 1800 971 541 or +61 2 8028 0534. This service remains available 24/7 and customers have access to specialist identity protection advice and resources through this team.

To help further protect our customers impacted by the recent cyber incident, Qantas has obtained an interim injunction in the NSW Supreme Court.  

This prevents the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties. 

We want to do all we can to protect our customers’ personal information and believe this was an important next course of action.

We would like to reassure our customers that there continues to be no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.

Qantas is continuing to respond to the cyber incident that resulted in customer data being compromised.

The incident occurred when a cyber criminal targeted one of our airline contact centres and gained access to a third-party customer servicing platform.

We sincerely apologise for this incident and recognise the uncertainty it has caused.

Our focus is now on updating customers on the types of their personal data that was accessed, so that we can provide the appropriate advice and support to those affected.

Data that was compromised:

Qantas has progressed its forensic analysis of the customer data in the system that was compromised.  

Qantas has reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.  

There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and log in details were not accessed or compromised. The data that was compromised is not enough to gain access to these Frequent Flyer accounts.  

Specific data fields vary from customer to customer. Our analysis has found: 

The majority of customer records that were compromised are limited to:

• Name and/or
• Email address and/or 
• Qantas Frequent Flyer number (and in some cases, tier, status credits and points balance). 

Some customer records include a combination of the ones above, and one or more of the following: 

• Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
• Date of Birth 
• Phone number - (mobile, landline and/or business)
• Gender 
• Meal preferences.  

Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.  

How we’re communicating with you:

Qantas is emailing affected customers aged 15 and above for whom we hold an email address to advise them of the types of their personal data that was contained in the impacted system and provide advice and support. Please ensure you check your junk/spam folder.

To provide our Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the compromised system once you are logged into your account. The capability is now available.

Support for customers:

Customers can continue to access our dedicated support line:

• Dedicated Support Line: 1800 971 541 or +61 2 8028 0534
• Available: 24/7

All customers have access to specialist identity protection advice and resources through this dedicated team.

For general enquiries, you can also contact Qantas Customer Care through our usual channels.

Upcoming travel:

If you have upcoming travel, there is nothing you need to do. You can check your flight details at any time via the Qantas App or our website.

Actions we are taking:

• We have increased resourcing in our contact centres and have a dedicated support line to support our customers.
• Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.