Daijiworld Media Network - Sydney

Sydney, Jul 9: Australian airline Qantas has confirmed that a major cyberattack in late June compromised the personal data of 5.7 million customers, following a breach in a third-party system operated by an offshore call center.

In a statement issued Wednesday, the airline revealed findings from a forensic investigation, stating that the June 30 attack led to exposure of various levels of personal information.

Of the 5.7 million affected records:

• 2.8 million contained names, email addresses, and frequent flyer numbers.
• Another 1.2 million records included just names and email addresses.
• The remaining 1.7 million records had more extensive details, such as addresses, phone numbers, birthdates, and even meal preferences.

Qantas Group CEO Vanessa Hudson said that the airline began directly notifying affected customers on Wednesday, informing them about the specific data fields exposed in the breach.

“Since the incident, we’ve implemented several enhanced cybersecurity measures to better safeguard customer data and are continuing to thoroughly review the event,” Hudson stated, as reported by Xinhua news agency.

Qantas had publicly disclosed the breach on July 2, and on Monday, the company confirmed it had been contacted by a hacker claiming responsibility for the intrusion.

Hudson added that Qantas is maintaining close coordination with Australia’s top cybersecurity authorities, including the National Cyber Security Coordinator, the Australian Cyber Security Centre, and the Australian Federal Police.

Although no stolen data has been released so far, Qantas has urged customers to be vigilant, especially when dealing with unsolicited emails, phone calls, or messages claiming to be from the airline.

The company said it continues to work with specialist cybersecurity experts to monitor the situation and protect customer information from further misuse.