Australian flag carrier Qantas confirmed Wednesday that cybercriminals targeted a third-party customer service platform containing the personal information of about six million users.
In a statement, the airline said it noticed unusual activity on the platform on Monday and moved immediately to contain the breach. While it is unclear how much customer information was stolen, officials said they expect the figure will be “significant.”
The data includes some customers’ names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Other data, such as credit card numbers, financial information, and passport details, are not stored in the system that was breached.
No frequent flyer accounts were compromised, Qantas said, and passwords, PIN numbers, and log-in details were not accessed.
The carrier’s operations were not affected.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” Qantas Group CEO Vanessa Hudson said in a statement. “Our customers trust us with their personal information and we take that responsibility seriously. We are contacting our customers today and our focus is on providing them with the necessary support.”
The airline reported the incident to police and the federal government’s cybersecurity coordinator.
