Qantas Airways announced that hackers leaked customer data stolen in a July 2025 cyberattack affecting companies worldwide. The breach exposed 5.7 million customer records after criminals targeted a third-party call center platform used by Qantas. Most data included names, emails, and frequent-flyer details, while a smaller portion contained addresses, birth dates, phone numbers, genders, and meal preferences.

Qantas said no further intrusions had occurred and that it’s working with Australian security agencies, also obtaining a court injunction to prevent the stolen data from being published—though experts, including cybersecurity specialist Troy Hunt, said such orders have little effect.

This incident adds to a growing list of major cyberattacks in Australia, following breaches at Optus (2022), Medibank (2022), and MediSecure (2024). The country recorded 1,113 data breaches in 2024, a 25% rise from the previous year, marking the highest since mandatory reporting began in 2018.