Qantas Updates Cyberattack, Experts Counsel Data Safety Plan

Qantas this week confirmed that 5.7 million unique customers' data was in the system that was breached last week by a cyberattack, the third airline breach in as many weeks, yet again highlighting what experts called the necessity for travel managers to have data-protection action plans.
Qantas on Wednesday reconfirmed that no credit card, personal financial or passport information was stored in the system that was compromised and said there was "no evidence that any personal data stolen from Qantas has been released."
About 4 million customer records were limited to name, email address and Qantas frequent-flyer details, according to the airline. The frequent-flyer information does not include passwords or logins, and "the data that was compromised is not enough to gain access to these frequent-flyer accounts," Qantas said.
Of the 4 million, 1.2 million records contained names and email addresses; 2.8 million records contained names, email addresses and Qantas frequent-flyer numbers. "The majority of these also had tier [status] included," according to the carrier. A smaller subset had point balances and status credits included.
The remaining 1.7 million customers' records included a combination of some of those same data fields, plus at least one additional field:
- Address, affecting 1.3 million customers. This is a combination of residential address and business addresses for misplaced baggage delivery.
- Date of birth, affecting 1.1 million customers.
- Phone number, whether mobile, landline and/or business, affecting 900,000 customers.
- Gender, affecting 400,000 customers. This is separate to other gender identifiers like name and salutation.
- Meal preference, affecting 10,000 customers.

The carrier said it continues to monitor the situation. Qantas is updating affected customers, who can access a dedicated support line for questions.
Response Actions for Travelers, Managers
Qantas advised customers to "remain alert," particularly when an email sender or caller claims they are from Qantas. It also suggested that where available, customers should use two-step authentication for personal email and other online accounts. In addition, the carrier recommended customers visit the Australian Cyber Security Centre and the National Anti-Scam Scamwatch sites.
"Customers who believe they have been targeted by scammers should report it to Scamwatch," according to Qantas.
The Qantas breach, the latest in a years-long string of malicious penetration into travel suppliers' data systems, illustrates the need for travel managers to closely monitor travel data, according to World Travel Protection regional security director of the Americas Frank Harrison.
"For business travelers and travel managers, the stakes are particularly high," Harrison said in an email. "Exposed personal information can result in identity theft or fraud, while operational disruptions may impact key business activities. Organizations should ensure robust cybersecurity practices are in place, such as using strong, unique passwords, enabling multi-factor authentication and educating employees about phishing risks. Centralizing bookings through trusted platforms and staying vigilant for unusual account activity are also vital steps."
McIndoe Risk Advisory president Bruce McIndoe emphasized the difference between a data breach and an operational breach and a company's responsibilities for each.
McIndoe recommended developing standard messaging on a company's general communication system to be deployed as soon as the company is notified that a supplier has experienced a data breach. It should include information about the event, guidance on the actions travelers can take to stay informed and options for employees to lessen the potential of the breach or future breaches, he said.
For operational breaches, in which the ability for employees to travel might be affected, "the first thing to do is figure out who is impacted," McIndoe said. "Find them and see if you can get alternative transportation. If it's at [an] airport, maybe you need to move them by ground or train."
Travel managers should undertake response protocols as they would for other types of disruption, he said.
"Because of the nature of the [hacker] group and how these cyber-hackers work, we should expect there'll be now multiple [breaches]," McIndoe warned. "It's incredibly important right now that everyone in the travel industry, especially in the airline segment, should be taking preventive care, upgrading their cybersecurity posture, because this is going to continue for months and months as they continue to be successful."
McIndoe also noted that passengers should not print their boarding passes and instead rely on a carrier's mobile app. "Because if I have the [passenger name record] and your last name, I can create havoc," he said. "That paper backup is a weakness of vulnerability."
Prior to the recent airline cyber events, airline industry IT provider SITA in May released a report developed with industry group Airlines for America that showed 77 percent of North American airlines ranked cybersecurity among their top three priorities for 2025, with nearly half (45 percent) citing it as their single top focus.
The carriers surveyed said their investments were "heavily concentrated" in cybersecurity initiatives, with 100 percent implementing advanced measures, such as privileged account management, SSO authentication and DDoS protection, according to the report, which from September through November 2024 was sent to senior IT executives in the top 379 passenger carriers. The responses represent more than 60 percent of North American passenger traffic, according to SITA.
"Ultimately, protecting sensitive travel data and ensuring business continuity requires active collaboration between airlines, travelers and travel managers," Harrison said. "Staying informed and proactive is the best defense against these evolving threats."