Qantas releases details of hack, confirming 5.7 million affected | Breaking News & Latest Australia Updates

Qantas releases details of hack, confirming 5.7 million affected — Add articles to your saved list and come back to them any time. Nearly six million Qantas customers had frequent flyers and other sensitive data hacke...

Add articles to your saved list and come back to them any time.

Nearly six million Qantas customers had frequent flyers and other sensitive data hacked, the airline has confirmed, detailing that cybercriminals have the phone numbers and food preferences of thousands of travellers.

Qantas has released more details of the scale of the hack on its customer data.

The Australian carrier’s cybersecurity team found that, after removing duplicate data records, details of 5.7 million unique customers were held in the hacked system.

Some Qantas travellers, about 10,000, even had their meal preferences hacked.Credit:Andreas Smetana

About 4 million of those records were limited to name, email address and Qantas Frequent Flyer details only, the airline said, but a smaller, unspecified, subset had “points balance and status credits included”.

Within the 4 million figure, 1.2 million customer records contained their name and email address.

The data exposed from around 1.7 Qantas travellers contained a combination of their address (1.3 million), date of birth (1.1 million), phone number (900,000) and gender (400,000), and some, about 10,000, even had their meal preferences hacked.

A week after the incursion into its database, Qantas said the airline could “reconfirm” that no credit card details, personal financial information or passport details were stored in the system affected “and therefore have not been accessed”.

“There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and login details were not accessed or compromised. The data that was compromised is not enough to gain access to these frequent flyer accounts,” Qantas said in a statement.

Last week, after detecting unauthorised activity on a “third-party platform” used by the airline’s contact centre in Manila, the airline called in cyber investigators and began notifying members. On Monday, Qantas said that “a potential cybercriminal has made contact” with the airline.

The Qantas data breach follows cyberattacks on Optus and Medibank Private in 2022. The criminals who breached Medibank Private began posting customer data online to coerce the health insurer into paying a ransom.

The Market Recap newsletter is a wrap of the day’s trading.Get it each weekday afternoon.