Qantas Data Breach: What Happened and How to Stay Safe

In October 2025, it was confirmed that the personal data of millions of Qantas customers had been released by cybercriminals. Below is a summary of what happened, what data was exposed, and what you can do to protect yourself.

What Happened and What Was Stolen

The breach began in mid-2025 when hackers tricked staff at an overseas Qantas call centre into giving them access credentials. This type of scam is known as “social engineering” — where criminals pretend to be someone trustworthy to gain access.

Around 5.7 million customer records were affected. The stolen information included names, email addresses, phone numbers, dates of birth, Frequent Flyer numbers and status tiers, residential or business addresses, and in some cases, travel preferences and meal choices.

No passwords, PINs, credit card details, passports or financial information were accessed. Qantas confirmed that Frequent Flyer accounts remain secure and that multi-factor authentication protects customer logins.

How Qantas Responded

Qantas moved quickly to isolate and contain the affected system. The airline has worked closely with cybersecurity experts and government authorities to investigate the attack. It also obtained a court order to prevent the publication or use of the stolen data.

A 24-hour support line and identity protection resources were made available to customers whose information was included in the breach. The Office of the Australian Information Commissioner was formally notified, as required under Australia’s data-breach laws.

How to Protect Yourself After a Breach

Here are practical steps to stay safe — especially important for older users who may be more targeted by scams.

1. Watch out for scam emails and texts. Scammers may pretend to be from Qantas, claiming to offer refunds, rewards, or points. Never click on links or open attachments from unexpected messages. Always log in to your Qantas account directly through the official app or website.

2. Be cautious with phone calls. Hang up if someone calls claiming to be from Qantas or your bank asking for personal information. Call back using a number you know is genuine.

3. Strengthen your account security. Turn on two-factor authentication wherever possible. Use strong, unique passwords and consider changing your Qantas Frequent Flyer password for extra peace of mind.
   Qantas ALREADY USES two-factor authentication for the services that were breached so please don't panic but use it as a reminder to turn on two-factor authentication for everything you can.

4. Monitor your accounts. Keep an eye on your bank statements and credit reports for any unfamiliar activity. Report suspicious transactions immediately.

5. Stay informed and report scams. Follow advice from trusted government sources such as Scamwatch or the Australian Cyber Security Centre. Report suspicious messages or calls so others can be warned.

Data breaches can feel worrying, but staying calm and alert is the best defence. By practising safe online habits and verifying all communication before responding, you can protect yourself and those around you from potential scams.

Published by The iPad Man — helping you stay confident, secure and informed in today’s digital world.

Are you a member of The iPad Man's Online School?

It is now hosted on a new platform... try logging in here. (You may need to reset your password  breaches

New Online School Member Login