Australian airline Qantas said Wednesday that a hacker made off with a trove of customers’ personal data including passenger names, emails, phone numbers, birth dates and frequent flyer numbers.
The company said in a statement that a cybercriminal targeted one of its call centers on Monday and gained access to a third-party customer service platform that holds records for 6 million passengers.
Qantas apologized to customers and said that while it’s still investigating the proportion of data stolen, “we expect it will be significant.”
However, the system that was breached did not contain credit card and passport details or other personal financial information. Frequent flyer accounts weren’t compromised and security credentials were not accessed, Qantas said.
Qantas, Australia’s biggest airline, said there is no impact on operations or safety.
“We sincerely apologize to our customers and we recognize the uncertainty this will cause,” CEO Vanessa Hudson said in a statement.
Qantas said it has tightened up security measures and notified Australian cyber and data privacy authorities and the federal police.
