Exclusive: More than a million Qantas customers had more of their data stolen in last week’s massive cyberattack than they were first told.

Since Wednesday, the airline has been emailing the roughly 5.7 million affected people to tell them exactly what information of theirs had been compromised in the hack on a call centre.

However, today, 1.1 million of those customers received a second email from the airline, informing them more data had been stolen than first thought.

A Qantas A380 aircraft passes Gate 20 at The Beach, Mascot on the perimiter of Sydney Airport. Qantas.
Qantas has told some custers they had more data stolen in last week’s cyberattack than they were first told. (Wolter Peeters/SMH)

In the vast majority of these cases, customers’ phone numbers have been stolen, on top of the other information they had been informed of earlier in the week.

“We will this evening have completed emailing all of the customers impacted in the cyber incident that had an email address in the system,” a Qantas spokesperson told 9news.com.au.

“As part of our ongoing analysis of the data, we’ve identified some customers who we had already emailed in recent days who also had data in the ‘business phone’ field.

“We are emailing customers this afternoon to advise them.”

Qantas had previously said about 900,000 people and businesses had their phone number stolen in the hack.

“We are writing to provide you with an update following our previous email about the cyber incident on Monday, 30 June 2025,” the new emails seen by 9news.com.au read.

“Our ongoing investigation has identified that your phone number details were accessed in addition to the data types we previously advised.

An excerpt of the email sent to some Qantas customers.
An excerpt of the email sent to some Qantas customers. (Nine)

“We recommend you remain vigilant for any unexpected contact by phone, in addition to the email and text message precautions we outlined in our previous communication.”

Qantas confirmed on Wednesday that email addresses, phone numbers, addresses, dates of birth, genders and even meal preferences in some cases had been stolen, as well as frequent flyer numbers, points balances, tiers and status credits.

However, it has stressed no login details, credit card numbers, payment details or passport numbers have been compromised.

You May Also Like

What we know about the movements of the backpacker missing in outback WA

Police found the distinctive Mitsubishi Delica van that the 26-year-old was driving…

Ukrainian intelligence officer 'assassinated' in broad daylight

A Ukrainian Security Service officer was shot dead in Kyiv overnight Australia…

CCTV shows brazen assault on innocent woman and child

A predator has been captured on video brazenly attacking a woman and…

Canadian police official warns ‘traditional values’ may be sign a person is becoming ‘extremist’

A Royal Canadian Mounted Police (RCMP) spokesperson warned Tuesday that a person…