Qantas Says Cybersecurity Incident Impacted 5.7 Million People

In addition, the analysis showed 1.2 million of the exposed customer records were limited to name and email address, while 2.8 million contained name, email address and Qantas Frequent Flyer details. The remaining 1.7 million, however, additionally contained data such as mailing address, gender, phone number and birth data.

“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible," said Qantas Group Chief Executive Officer Vanessa Hudson. The carrier began reaching out Wednesday to notify customers of "the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services."

Since the incident, Qantas has deployed "additional cyber security measures to further protect our customers' data," she added.

On June 30, unusual activity led Qantas to discover a cyber criminal had targeted a call center and gained unauthorized access to a third-party customer service platform, the airline said at the time. It disclosed and apologized for the cyber incident at one of the carrier's contact centers in a July 2 press release.

The airline notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police to help with an investigation into this incident. The OAIC reported the incident on July 2 (see 2507030018).

In an update July 4, Qantas reported that the investigation determined that the airline's system remains secure, and there has been no further threat activity. It said no credit card details, personal financial information or passport details were accessed.