Customers had different details stolen, with around four million customers’ names, email addresses and frequent flyer details exposed, while 1.3 million had their address stolen as well as a combination of name, email address and frequent flyer details.
Another 1.1 million had their date of birth accessed as well as other details, while 900,000 had their phone numbers stolen, 400,000 customers’ genders were accessed and the meal preferences of 10,000 customers were also amongst the breached data.
The airline has reiterated that credit card and passport details remain safe as they were not stored by the compromised system.
Qantas also says the information that was stolen was not enough to gain access to Qantas Frequent Flyer accounts.
As of yesterday, the carrier said that the stolen data did not appear to have been released anywhere.
“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” said Qantas Group CEO, Vanessa Hudson.
“We are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.
“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers’ data, and are continuing to review what happened.
“We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the federal government for their continued support.”
The carrier advised customers whose data had been accessed to be cautious with any communication from Qantas following the attack and to independently verify that any contact was from the actual airline. Customers are also being encouraged to use two-step authentication for any digital accounts, including email.
