The Australian airline Qantas Airways said on Sunday that the personal data of its customers had leaked online after being stolen in a July cyberattack that it said targeted companies around the world.
Qantas said in a statement that cybercriminals stole 5.7 million of its customer records by targeting a call center that used a third-party customer service platform. Qantas said it was one of a number of companies around the world that were targeted in the attack.
Qantas did not say how many of the records had been released. It also did not name the third-party platform or say which other companies had been targeted. The airline did not immediately respond to a request for comment.
Most of the stolen records were limited to names, email addresses and frequent-flyer details, Qantas said in the statement. A smaller portion covered customers’ business or home addresses, dates of birth, phone numbers, genders or meal preferences.
Qantas said no further intrusions had occurred and that it was cooperating with Australian security agencies. The company also said it had obtained a court injunction to prevent the stolen data from being “accessed, viewed, released, used, transmitted or published.”
Troy Hunt, a cybersecurity expert in Australia, said that the leak appeared to be the first stemming from the July attack. The authorities investigating that attack have not disclosed which other firms were affected or how extensive the campaign may have been.
Mr. Hunt said the court injunction was unlikely to have much impact, noting similar orders that had been issued and ignored in Australia and Britain. He said such orders essentially just ask criminals not to publish stolen data.
“It’s completely useless,” Mr. Hunt said in an interview.
Cyberattackers have exposed the personal data of millions of Australians by striking companies in telecommunications, health care and aviation.
In 2022, the telecommunications company Optus disclosed a breach that compromised information for nearly 9.8 million customers, including names, birth dates and identification numbers, the company said at the time. The breach was then the largest in Australian history.
The same year, Medibank Private reported that hackers had accessed data from about 9.7 million policyholders, including medical claim details. The Office of the Australian Information Commissioner has begun civil penalty proceedings against Medibank.
In 2024, the federal government announced that MediSecure, a provider of electronic prescription services, had sustained a cyberattack that affected about 13 million people, according to Australia’s Department of Home Affairs.
Businesses and government agencies in Australia reported 1,113 data breaches in 2024, the highest since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner. That marked an increase of about 25 percent from the 893 breaches reported the previous year.
Mark Walker is an investigative reporter for The Times focused on transportation. He is based in Washington.
The post Australian Airline Says Hackers Leaked Data on Its Customers appeared first on New York Times.