In The Event Of
Q

Qantas Data Breach 2025:
What You Need to Know

Approximately 5.7 million Qantas customer records were exposed after hackers breached a third-party call centre platform. Here is what happened, what data was leaked, and steps you can take to protect yourself.

Breach date:30 June 2025
Records affected:~5.7 million
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Qantas Breach Unfolded

30 June 2025

Hackers from the Scattered Lapsus$ Hunterscollective used social engineering (“vishing”, or voice phishing) to trick a Manila-based call centre operator into granting access to a third-party customer servicing platform used by Qantas.

2 July 2025

Qantas publicly confirmed the cyber-attack, disclosing that up to 6 million customer records may have been accessed. The airline immediately isolated the affected system and notified the Australian Federal Police, the Australian Cyber Security Centre (ACSC), and the Office of the Australian Information Commissioner (OAIC).

July 2025

Qantas obtained an injunction from the NSW Supreme Court preventing publication or distribution of the stolen data. The airline launched a 24/7 support hotline (1800 971 541 within Australia) and began emailing affected customers from 9 July with details of their specific exposed data.

Not sure if you received this notification? Affected customers received an email with the subject line "Important information about a cyber incident involving your Qantas data".

~12 October 2025

After Qantas refused to pay ransom, the hackers published approximately 153 GB of stolen customer data on the dark web and open internet. The final affected count was confirmed at approximately 5.7 million unique customer records.

Sources: The Guardian (13 Oct 2025), BleepingComputer (Jul 2025)

What Was Exposed

Personal Data Leaked in the Breach

The amount of data exposed varies between customers. According to Qantas, approximately 2.8 million customers had their names, emails, and Frequent Flyer numbers exposed, while a further 1.7 million also had additional personal details leaked.

Data TypeRisk LevelWho Was Affected
Full nameHighAll approximately 5.7 million affected customers
Email addressHighAll approximately 5.7 million affected customers
Frequent Flyer numberMediumAll approximately 5.7 million affected customers
Date of birthHighSubset (according to Qantas, approximately 1.7 million)
Phone numberHighSubset (according to Qantas, approximately 1.7 million)
Home/business addressHighSubset (according to Qantas, approximately 1.7 million)
GenderLowSubset of affected customers
Meal preferencesLowSubset of affected customers

Risk levels based on the Australian Government's PSPF and OAIC Australian Privacy Principles. Identity-linked data (name, date of birth, address) is rated higher due to its potential use in identity fraud.

✅ Confirmed NOT Exposed

Qantas confirmed that no credit card details, passports, personal financial information, passwords, or PINs were stored in the affected system. Frequent Flyer account access was not compromised.

Company Response

What Qantas Did

“We understand this creates uncertainty for our customers. I'm deeply sorry this has happened.”
Vanessa Hudson, Qantas Group CEO

Actions Taken by Qantas

  • Immediately isolated the affected third-party system
  • Notified the Australian Federal Police, ACSC, and OAIC
  • Obtained an NSW Supreme Court injunction against data distribution
  • Launched a 24/7 support hotline: 1800 971 541 (AU) / +61 2 8028 0534 (international)
  • Began emailing affected customers from 9 July 2025 with breach details
  • Offered specialist identity protection resources
  • Implemented additional cybersecurity measures and staff training
OAIC StatementQantas Cyber Incident Page

What Now?

Steps You Can Take After the Qantas Breach

Even though no passwords or financial data were exposed, the combination of name email date of birth and phone number gives scammers enough information to impersonate you convincingly. Here are general best-practice steps, organised by the types of accounts most commonly affected.

Qantas and Travel Accounts

Your Frequent Flyer details were exposed. Other travel accounts may use the same email.

Secure your Qantas Frequent Flyer account

~5 min
It is generally considered best practice to update the password on any Qantas Frequent Flyer account associated with exposed data. Enabling MFA where available adds a significant layer of protection. Consider reviewing recent account activity for any unauthorised points redemptions or profile changes.
Go to Qantas Frequent Flyer

Review other travel and loyalty accounts

Where the same email address or password has been used across multiple travel and loyalty programmes, consider updating credentials on those accounts as well. Credential reuse remains one of the most common ways a single breach leads to broader exposure.

Email and Digital Identity

Your email is the key to your digital identity. Securing it is a sensible first step.

Strengthen email security

~5 min
Updating the password and enabling MFA on email accounts associated with the breach is widely recommended. It is also worth checking email forwarding rules and connected app permissions, as these can be exploited to silently intercept communications.

Understand your full account exposure

Most people have dozens of online accounts linked to a single email address. When that email is exposed in a breach, understanding which services are connected is a critical first step in assessing personal risk. Tools that map your digital footprint can help identify accounts that may need attention.

Identity Protection

Name + date of birth + address is commonly used in identity verification by financial institutions.

Consider a credit ban (especially if your date of birth and address were exposed)

~20 min
For those whose date of birth and address were included in the exposed data (approximately 1.7 million records, according to Qantas), the combination could potentially be used in fraudulent credit applications. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification.
Equifax AUExperian AU (formerly Illion)

Set a SIM lock or port-out PIN

~10 min
Where phone number was part of the exposed data, contacting the relevant mobile carrier to set a port-out PIN is a practical safeguard. SIM-swap fraud can be used to intercept verification codes and bypass MFA on other accounts.
Telstra security

Monitoring and Reporting

Australian resources for breach response and identity protection.

Stay alert for targeted phishing

Exposed name email and Frequent Flyer number may be used to craft highly convincing phishing messages. Treat any unsolicited contact referencing Qantas account details with caution, and verify directly through official Qantas channels (13 13 13).

Contact IDCare or report to Scamwatch

IDCare (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches. Reporting to Scamwatch contributes to broader awareness and helps authorities track emerging threats.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The Qantas breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the Qantas breach exposed names, emails, dates of birth, and phone numbers. But if your email also appeared in the Optus or Medibank breaches, the combined data set may include identity documents, Medicare details, and health records. This kind of compound exposure significantly increases the risk of identity fraud.

  • Optus (2022)9.8M records - passport, licence, Medicare numbers
  • Medibank (2022)9.7M records - health claims, Medicare details
  • Latitude Financial (2023)14M records - driver's licence, passport numbers
  • Qantas (2025)5.7M records - name, date of birth, phone, email

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Qantas Breach FAQ

Sources

  1. The Guardian: "Five million Qantas customers have had personal information leaked" (13 Oct 2025)
  2. The Guardian: "Qantas confirms cyber-attack exposes records of up to 6 million customers" (2 Jul 2025)
  3. BleepingComputer: "Qantas discloses cyberattack amid Scattered Spider aviation breaches" (Jul 2025)
  4. OAIC: Statement on Qantas cyber incident
  5. Nasdaq: "Qantas Confirms Cyber Breach Exposed 5.7 Million Customer Records" (Oct 2025)
  6. Qantas: Cyber incident support page
  7. Australian Government: Protective Security Policy Framework (PSPF)
  8. OAIC: Australian Privacy Principles

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Qantas Airways Limited. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.