Qantas Data Breach 2025
A Qantas aeroplane. Marcus Reubenstein/Unsplash

On Sunday, 12 October 2025, Qantas confirmed that personal data from more than five million customers had been leaked on the dark web. The data breach followed a ransom threat from a hacker group called Scattered LAPSUS$ Hunters after Salesforce, a cloud software provider linked to Qantas, refused to pay. The attack targeted customer data stored in Salesforce systems used by Qantas between June and July 2025.

Australia's government and cybersecurity experts have since urged Qantas customers to stay alert for scams. Authorities warned that identity theft, phishing, and fraud attempts could surge in the coming weeks. Qantas has already launched a 24-hour hotline and identity protection services for affected users.

Qantas Data Breach Exposed Over 5 Million Customers

The incident compromised the details of around 5.7 million Qantas customers, as per SBS News. Hackers behind the attack had earlier threatened to leak the stolen files by 3 pm AEDT on Saturday unless Salesforce paid a ransom. When the deadline passed, they released the data and wrote online: 'Don't be the next headline, should have paid the ransom.'

The breach was part of a larger campaign that hit more than 40 global firms, including Google, Disney and Air France-KLM. Cybersecurity Minister Tony Burke confirmed that downloading or accessing the leaked data is illegal, stating, 'No-one should go looking for it on the dark web, even if you're searching for your own material.'

Qantas began notifying affected customers in July and reassured travellers that financial systems and passwords were not compromised. The company said it took immediate steps to secure remaining data and strengthen defences against future intrusions.

What Qantas Customer Data Has Been Leaked?

According to The Guardian, the stolen Qantas customer information includes:

  • Full names and email addresses
  • Frequent Flyer membership numbers
  • Home and business addresses
  • Dates of birth
  • Phone numbers and gender
  • Meal preferences in limited cases

Qantas confirmed that credit card data, passport numbers, and passwords were not exposed. However, experts warned the breach could still fuel scams.

Matthew Warren, director of RMIT University's Centre for Cyber Security, said, 'Other criminals are going to use that information, pretending to be from Qantas — you're talking about a quarter of the population.'

Dr. Marthie Grobler from CSIRO's Data61 added that frequent flyer details could make fake refund or flight rescheduling scams more convincing.

How To Know If Your Qantas Data Was Exposed

Qantas said all impacted customers were informed by email in July. Customers should look for official messages from addresses ending in @qantas.com or @qantas.com.au.

If you are unsure, call Qantas's 24/7 support hotline at 1800 971 541 or +61 2 8028 0534 if you are overseas. You can also check breach-notification websites such as 'Have I Been Pwned' once the Qantas data appears there.

Arash Shaghaghi, a cybersecurity lecturer at the University of New South Wales, advised: 'Ensure any communication you receive is legitimate and sent from an official Qantas domain.'

He also warned against searching for leaked files online, saying such data dumps are often laced with malware.

Three Steps To Protect Your Qantas Details

Shaghaghi outlined several steps for Qantas customers to secure their information and minimise risk.

1. Lock Down Accounts

Activate multi-factor authentication on important accounts, including email, banking and government logins. Change your Qantas password and any others using the same credentials. Use strong, unique passwords for each service.

2. Be Vigilant for Scams

Be cautious of unexpected calls, texts, or emails using personal details like date of birth or frequent flyer number. Do not click on suspicious links. Minister Tony Burke advised, 'If you're getting a call you're not expecting, hang up and call back through the official line.'

3. Monitor and Report Unusual Activity

Check bank and credit card statements regularly. Obtain credit reports from agencies such as Equifax, Experian and illion to spot unauthorised credit applications. Report any suspected identity theft to your bank and the Australian Cyber Security Centre immediately.

Writer's pick