Exclusive: More than a million Qantas customers had more of their data stolen in last week’s massive cyberattack than they were first told.

Since Wednesday, the airline has been emailing the roughly 5.7 million affected people to tell them exactly what information of theirs had been compromised in the hack on a call centre.

However, today, 1.1 million of those customers received a second email from the airline, informing them more data had been stolen than first thought.

A Qantas A380 aircraft passes Gate 20 at The Beach, Mascot on the perimiter of Sydney Airport. Qantas.
Qantas has told some custers they had more data stolen in last week’s cyberattack than they were first told. (Wolter Peeters/SMH)

In the vast majority of these cases, customers’ phone numbers have been stolen, on top of the other information they had been informed of earlier in the week.

“We will this evening have completed emailing all of the customers impacted in the cyber incident that had an email address in the system,” a Qantas spokesperson told 9news.com.au.

“As part of our ongoing analysis of the data, we’ve identified some customers who we had already emailed in recent days who also had data in the ‘business phone’ field.

“We are emailing customers this afternoon to advise them.”

Qantas had previously said about 900,000 people and businesses had their phone number stolen in the hack.

“We are writing to provide you with an update following our previous email about the cyber incident on Monday, 30 June 2025,” the new emails seen by 9news.com.au read.

“Our ongoing investigation has identified that your phone number details were accessed in addition to the data types we previously advised.

An excerpt of the email sent to some Qantas customers.
An excerpt of the email sent to some Qantas customers. (Nine)

“We recommend you remain vigilant for any unexpected contact by phone, in addition to the email and text message precautions we outlined in our previous communication.”

Qantas confirmed on Wednesday that email addresses, phone numbers, addresses, dates of birth, genders and even meal preferences in some cases had been stolen, as well as frequent flyer numbers, points balances, tiers and status credits.

However, it has stressed no login details, credit card numbers, payment details or passport numbers have been compromised.

You May Also Like

These Celebs And Politicians Can't Stand Tim Walz

Andrew Harnik/Getty Images Tim…

The Morning Briefing: The Dem 2024 Election Post Mortems Are Marvelous Entertainment

Top O’ the Briefing Happy Friday, dear Kruiser Morning Briefing friends.…

Dear Abby: I think my son is gay and doesn’t want to be near his homophobic father

DEAR ABBY: I have suspected for many years that my son is…

The tricky rules elderly drivers have to comply with

A fatal car crash in Melbourne involving a 91-year-old driver yesterday has…