Qantas facing 'significant' data theft after cyber attack

Qantas is dealing with a potentially large-scale theft of customer data following a cyber breach at one of its contact centres.

According to the airline, a cyber criminal targeted a call centre and gained access to a "third-party servicing platform" containing 6 million customer service records.

iTnews understands that the affected call centre is based in Manila, the Philippines. However, it is unclear where the third-party platform's servers are located.

Qantas said that while the breach has been contained, a “significant” amount of data is believed to have been stolen, including some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

However, the airline reiterated that credit card details, personal financial information and passport details are not held in this system.

Frequent flyer accounts, including passwords, PINs or login details, were also unaffected.

Qantas said it had reported the breach to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, plus the Australian Federal Police.

It has also set up a customer support line - 1800 971 541 or +61 2 8028 0534 - as well as a dedicated web page, to provide updates to customers.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information and we take that responsibility seriously,” Qantas CEO Vanessa Hudson said.

“We are contacting our customers today and our focus is on providing them with the necessary support.

“We are working closely with the federal government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”