When a national business icon like Qantas suffers a cyberattack, the ripple effects extend far beyond the aviation industry.
The recent Qantas data breach has exposed the personal information of up to six million customers, raising serious concerns about data security, third-party risk, and the resilience of Australian businesses in the face of growing cyber threats.
This blog will take a look into what happened, who’s affected, and, most importantly, what business owners can learn from it to protect their own operations.
What Happened with the Qantas Data Breach?
On Monday, 30 June 2025, Qantas detected unusual activity on a third-party platform used by one of its customer contact centres. By Wednesday, the airline confirmed that a cybercriminal had gained unauthorised access to the system, compromising a significant volume of customer data.
According to SmartCompany, the breach originated from a third-party customer servicing platform, not Qantas’ core systems. This distinction is critical. It highlights how even the most security-conscious organisations can be blindsided by vulnerabilities in their supply chain.
The Qantas Data Breach includes:
- Full names
- Email addresses
- Phone numbers
- Dates of birth
- Frequent flyer numbers
Fortunately, Qantas confirmed that no passwords, financial information, or passport details were stored in the affected system. Frequent flyer accounts also remain secure.
Still, the Qantas data breach is being described as “significant” by the airline and cybersecurity experts alike. The reputational damage alone is substantial, and the incident has triggered investigations by the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police.
Who is Affected by the Qantas Data Breach?
The Qantas data breach potentially impacts up to 6 million customers, nearly a quarter of Australia’s population. While no flights or operational systems were affected, the exposure of personal data opens the door to a range of other threats.
For example, the stolen data could now be used in phishing campaigns, identity theft, or social engineering attacks. Cyber criminals often exploit such information to impersonate trusted brands, trick users into revealing more sensitive data, or gain access to other systems.
For businesses, this data breach is a stark reminder that customer trust is fragile. A single incident, especially one involving a well-known business name, can erode confidence and trigger long-term brand damage.
Qantas’ Response to the Data Breach
To the credit of Qantas, they have acted quickly.
The affected system was quarantined, and the airline began contacting impacted customers within 48 hours of detection. A dedicated hotline and support page were launched to assist those concerned about their data.
Qantas Group CEO Vanessa Hudson issued a public apology, stating:
“Our customers trust us with their personal information, and we take that responsibility seriously. We are contacting our customers today and our focus is on providing them with the necessary support.”
Qantas is also working closely with the Federal Government’s National Cyber Security Coordinator and independent cybersecurity experts to investigate the Qantas data breach and prevent further incidents.
While the response has been largely praised, the incident underscores the importance of having a robust incident response plan in place, something many small and medium-sized businesses still lack.
What Should Customers Impacted by the Qantas Data Breach do now?
If you’re a Qantas customer, or if your business has clients who may be affected, it’s important to take proactive steps to minimise risk.
Here’s what cybersecurity experts recommend:
- Be wary of phishing emails: Scammers may use Qantas branding to trick users into clicking malicious links or sharing sensitive information.
- Verify communications: Use the official Qantas website or app to check for legitimate updates. Avoid clicking on links in unsolicited messages.
- Monitor your accounts: Keep an eye on bank statements, email activity, and any unusual login attempts.
- Contact Adept IT Solutions: Our expert team, with over 20 years of experience providing Managed IT Services to customers, is here to assist you. If you are unsure on what your next steps should be to better protect your IT systems and sensitive information, contact us today!
These steps are not just relevant to potentially exposed Qantas customers, they’re best practices for anyone navigating today’s digital landscape.
Cybersecurity Tips for Australian Businesses
So, now that we have seen the results of the Qantas data breach, what can you do to avoid becoming the next headline?
Here are five foundational cybersecurity practices every business should implement:
1. Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication adds an extra layer of security by requiring users to verify their identity through a second method, like a text message, email, or authentication app.
2. Keep Software Up to Date
Outdated systems are a hacker’s dream. Regularly update your operating systems, applications, and devices to reduce the chance of falling victim to known vulnerabilities.
3. Train Your Team
Human error is the leading cause of data breaches. Conduct regular training on how to spot phishing emails, use strong passwords, and report suspicious activity. The team here at Adept IT Solutions offers comprehensive and proven Cybersecurity Awareness Education and Training to assist customers be better protected.
4. Back Up Your Data
Ensure your data is backed up regularly and stored securely, preferably offsite or in the cloud. Test your backups to confirm they can be restored quickly.
5. Limit Access to Sensitive Information
Follow the principle of least privilege: only give employees access to the data they truly need to do their jobs properly.
For more detailed guidance, the ACSC’s Small Business Cyber Security Guide is a great starting point.
Latest Updates on the Qantas Data Breach (As of 09/07/2025)
Last week’s Qantas data breach on a third-party call-centre platform held records for about 6 million Qantas customers. Qantas has now clarified that after deduplication 5.7 million unique customer records were impacted:
- 1.2 million records contained only name and email
- 2.8 million included name, email, Frequent Flyer number and status tier
- A smaller subset of these also contained points balance and status credit
- 1.7 million held additional personal details:
- 1.3 million addresses (home, business or hotel delivery addresses)
- 1.1 million dates of birth
- 900,000 phone numbers
- 400,000 gender entries
- 10,000 meal preferences
None of the stolen data has yet appeared on the dark web. Qantas is now emailing each affected customer to detail exactly which fields were accessed.
Qantas CEO Vanessa Hudson reiterated that no credit-card, passport or other financial information were stored on the breached system. The airline has bolstered its defences with extra security controls, stepped-up monitoring and is collaborating with the Australian Cyber Security Centre, National Cyber Security Coordinator and the AFP.
Advice for customers Impacted by the Qantas Data Breach:
- Be alert for phishing calls, texts or emails purporting to be from Qantas
- Independently verify any requests for personal data via official Qantas channels
- Report suspicious communications to Qantas’ dedicated support line or via Scamwatch
How Adept IT Solutions can Assist with the Fallout from the Qantas Data Breach
The Qantas data breach is a wake-up call, not just for airlines, but for every business that handles customer data. It’s a reminder that cybersecurity is no longer just an IT issue, it’s a business imperative.
For business owners, this is an opportunity to audit your digital defences, educate your team, and invest in long-term resilience. Because in today’s threat landscape, it’s not a matter of if you’ll be targeted, it’s when.
Need help securing your business? Whether you’re looking to assess your current cybersecurity posture or implement best-practice protections, our team of IT experts is here to help. Let’s make sure your business is ready for whatever comes next.
Contact us today! You can get in touch at 1300 423 378 or simply email us at info@adept-it.com.au. Our staff are ready to help secure your business today, to protect you from the dangers of tomorrow.
