Information for customers on cyber incident

Update: 19 August 2025

We are aware of increased reports of scammers impersonating Qantas.

These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

There are also a number of scams affecting several Australian organisations that have been reported on in recent months and were occurring before our incident. Some are cyclical based on time of year. These are unrelated to Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

Never provide your online account passwords, or any personal or financial information;

Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Customers can continue to access our dedicated support line on 1800 971 541 or +61 2 8028 0534. This service remains available 24/7 and customers have access to specialist identity protection advice and resources.

Update: 8 August 2025

We are aware of increased reports of scammers impersonating Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

Never provide your online account passwords, or any personal or financial information;

Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Update: 23 July 2025

We are aware of increased reports of scammers impersonating Qantas.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications.

There is still no evidence that any personal data stolen from Qantas has been released, but with the support of specialist cyber security experts, we continue to actively monitor. 

Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

Qantas will never contact customers requesting passwords, booking reference details or sensitive login information. 

Customers should remain alert for unusual communications claiming to be from Qantas or requesting personal information or passwords.

Remain vigilant, especially with email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels;

Where available, use two-step authentication – such as an authentication application – for personal email accounts and other online accounts;

Never provide your online account passwords, or any personal or financial information;

Stay informed on the latest threats by visiting the Australian Cyber Security Centre and the National Anti-Scam Centre’s Scamwatch webpage and;

Visit IDCARE’s Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information.

Our focus continues to be on doing all we can to support our affected customers.

Update: 17 July 2025

To help further protect our customers impacted by the recent cyber incident, Qantas has obtained an interim injunction in the NSW Supreme Court.

This prevents the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties.

We want to do all we can to protect our customers’ personal information and believe this was an important next course of action.

We would like to reassure our customers that there continues to be no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.

Update: 9 July 2025

Qantas is continuing to respond to the cyber incident that resulted in customer data being compromised.

The incident occurred when a cyber criminal targeted one of our airline contact centres and gained access to a third-party customer servicing platform.

We sincerely apologise for this incident and recognise the uncertainty it has caused.

Our focus is now on updating customers on the types of their personal data that was accessed, so that we can provide the appropriate advice and support to those affected.

Data that was compromised:

Qantas has progressed its forensic analysis of the customer data in the system that was compromised.  

Qantas has reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.  

There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and log in details were not accessed or compromised. The data that was compromised is not enough to gain access to these Frequent Flyer accounts.  

Specific data fields vary from customer to customer. Our analysis has found:

The majority of customer records that were compromised are limited to:

Name and/or
Email address and/or
Qantas Frequent Flyer number (and in some cases, tier, status credits and points balance).

Some customer records include a combination of the ones above, and one or more of the following:

Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
Date of Birth
Phone number - (mobile, landline and/or business)
Gender
Meal preferences.

Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.  

How we’re communicating with you:

Qantas is emailing affected customers aged 15 and above for whom we hold an email address to advise them of the types of their personal data that was contained in the impacted system and provide advice and support. Please ensure you check your junk/spam folder.

To provide our Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the compromised system once you are logged into your account. The capability is now available.

Support for customers:

Customers can continue to access our dedicated support line:

Dedicated Support Line: 1800 971 541 or +61 2 8028 0534
Available: 24/7

All customers have access to specialist identity protection advice and resources through this dedicated team.

For general enquiries, you can also contact Qantas Customer Care through our usual channels.

Upcoming travel:

If you have upcoming travel, there is nothing you need to do. You can check your flight details at any time via the Qantas App or our website.

Actions we are taking:

We have increased resourcing in our contact centres and have a dedicated support line to support our customers.
Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.

Frequently Asked Questions

We will email you directly if you had personal information within the impacted system.

It will advise on the types of your personal data that was contained in the impacted system and provide advice and support. 

This email is sent to customers aged 15 and above for whom we hold an email address. Customers who do not receive this email should check their spam or junk folder.  

Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may receive a separate notification to each impacted email address.

Qantas Frequent Flyers will be able to access this information via a dedicated self-service tool once they are logged into their account. This is expected to be available by the end of this week.

Our email notifications were sent based on individual customer records in the impacted system. Here's how our email notifications were addressed:

Dear Qantas Customer: This means we didn’t have a complete name in the customer record, and/or we couldn't link that customer record to a Frequent Flyer account.
Dear [Name]: This means we did have a complete name in the customer record, or we were able to successfully link your customer record to your Frequent Flyer account.

You may have received multiple email notifications if you had more than one customer record in the impacted system.

We recommend that customers take the following general precautionary steps and remain vigilant to any misuse of their personal information: 

Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas. Always independently verify the identity of the caller by contacting them on a number available through official channels; 
Where available, use two-step authentication, such as an authentication application, for personal email accounts and other online accounts. This adds an extra layer of protection; 
Stay informed of the latest scams and the steps you can take to protect yourself online by visiting Scamwatch and Cyber.gov.au;
Visit IDCARE's Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and 
Do not provide your online account passwords or any personal or financial information. Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.

Customers who believe they have been targeted by scammers should report it to Scamwatch

We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts. We have also notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, as well as privacy and data protection regulators in a number of other relevant jurisdictions, including the Office of the Privacy Commissioner in New Zealand (in accordance with section 114). Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

We felt this was an important course of action to further protect our customers.

This interim injunction we have obtained prevents the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including by any third parties.

There continues to be no evidence the data has been released but we are actively monitoring.

A cyber criminal has made contact but as this is a criminal matter, we have engaged the Australian Federal Police.

There is still no evidence that any personal data stolen from Qantas has been released but we continue to actively monitor and felt this injunction was the right course of action to continue to protect our customers.

We are aware of increased reports of scammers impersonating Qantas. These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details. This is unfortunately common after incidents like this.

Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent websites and other communications. Customers who believe they have been targeted by scammers should report it immediately to Scamwatch.

We have increased resourcing in our contact centres and established a dedicated customer support line on 1800 971 541 or +61 2 8028 0534. This is available 24/7.

Our customers have access to specialist identity protection advice and resources through this team.

Customers can also submit general enquiries or complaints via our Customer Care feedback form

We are committed to addressing your concerns regarding the handling of your personal information and encourage you to contact us directly. If your concerns have not been addressed, you may contact our Privacy Officer/Data Protection Officer at PrivacyOfficer@qantas.com.au

If you are a New Zealand resident, you have the right to lodge a complaint with the  Office of the Privacy Commissioner. Go to www.privacy.org.nz/your-rights/making-a-complaint to find out more. If you reside elsewhere, you may also have a right to raise the matter with the appropriate data privacy and data protection authority regulator in your region.

The latest updates will be shared with customers on this page.

As Qantas works through its incident response, it has determined that there are a number of address fields that were held in the system that was compromised.

We can confirm outside of some residential and business addresses, including hotels for baggage services, there are a number of these fields that are invalid.

Not all are full addresses, some are postcode only, and some are a number of years old, for example. However, we have decided to notify everyone that had a potential address field populated in an effort to be transparent as possible.

Additional security measures have been put in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect these from unauthorised access, including requiring additional identification for account changes.  

We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts. We have also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

Frequent Flyers can continue to engage in the program and with partners as normal.  

Frequent Flyer passwords, PINs and log in details were not accessed or compromised, but customers can update these details at any time.  

The information accessed in the incident is not enough to gain access to Frequent Flyer accounts.   

In addition, all Frequent Flyer accounts by default have multi-factor authentication or two-factor authentication already enabled.  This could be a one-time password being sent to the registered mobile number or email, answering security questions or through the Authenticator App.  

There is no requirement to reset your password or PIN.

Qantas Frequent Flyer passwords, PINs and log in details were not accessed or compromised in the incident, but customers can update these details at any time.

All Frequent Flyer accounts by default have multi-factor authentication (MFA) or two-factor authentication (2FA) already enabled.

This could be a one-time password (OTP) being sent to the registered mobile number or email, or answering security questions or the Authenticator app.

For added account security, we recommend customers use an authenticator app as an additional MFA/2FA option, and follow the account security guidelines found here

Emails from Qantas will always come from a domain that ends in qantas.com. For example, an email from @loyalty.qantas.com is legitimate, as it ends in .qantas.com.

It is important you check the email address that the email has been sent from, not the display name. The display name can be made to look legitimate when it is not, which is why it is important to check the address the email has been sent from.

Emails from domains that do not end in qantas.com or qantas.com.au should be reported. (i.e qantas.net or qantas.biz)

If you do receive any suspicious emails, text messages or calls from someone purporting to be Qantas, you can report this via our Dedicated Support Line on 1800 971 541 or +61 2 8028 0534.

You can also report scams at Scamwatch or contact your local authorities if you're outside Australia.

For additional advice, please visit Act Now. Stay Secure

If you wish to update your profile, including contact details, you can do so online via the following steps:

Log in to Qantas Frequent Flyer at qantas.com
Click on Profile, then My Profile, then Personal Information
You can then change your information, including contact details, PIN, and security questions, as well as set up a digital authentication app.

Information for customers on cyber incident

Frequently Asked Questions

What has happened?

How will I know if my personal information has been compromised?

Why did I receive multiple emails?

Is there anything I need to do if my personal information has been compromised?

Will Qantas be reporting this incident to the relevant authorities?

Has my personal information been released on the dark web?

How will this injunction protect my personal information?

Have you had increased threats that my personal information will be released?

I am receiving increased scam calls, texts and emails. Is this related to the Qantas cyber incident and does this mean my data has been released?

What support is available for affected customers?

I’m concerned as my address has been confirmed as one of the types of data that has been compromised. Is there anything I need to do?

What are we doing?

I am currently booked on a Qantas flight. How do I know my booking has not been changed?

I am a Frequent Flyer. Is it possible someone may have stolen my points?

Where can I find more information?

Are Qantas IT systems safe to use?

What does this mean for Qantas Frequent Flyers?

Do I need to reset my Qantas Frequent Flyer password or PIN?

How do I know emails I receive from Qantas are legitimate?

How can I update my profile online?