Exclusive: More than a million Qantas customers had more of their data stolen in last week’s massive cyberattack than they were first told.
Since Wednesday, the airline has been emailing the roughly 5.7 million affected people to tell them exactly what information of theirs had been compromised in the hack on a call centre.
However, today, 1.1 million of those customers received a second email from the airline, informing them more data had been stolen than first thought.
In the vast majority of these cases, customers’ phone numbers have been stolen, on top of the other information they had been informed of earlier in the week.
“We will this evening have completed emailing all of the customers impacted in the cyber incident that had an email address in the system,” a Qantas spokesperson told 9news.com.au.
“As part of our ongoing analysis of the data, we’ve identified some customers who we had already emailed in recent days who also had data in the ‘business phone’ field.
“We are emailing customers this afternoon to advise them.”
Qantas had previously said about 900,000 people and businesses had their phone number stolen in the hack.
“We are writing to provide you with an update following our previous email about the cyber incident on Monday, 30 June 2025,” the new emails seen by 9news.com.au read.
“Our ongoing investigation has identified that your phone number details were accessed in addition to the data types we previously advised.
“We recommend you remain vigilant for any unexpected contact by phone, in addition to the email and text message precautions we outlined in our previous communication.”
Qantas confirmed on Wednesday that email addresses, phone numbers, addresses, dates of birth, genders and even meal preferences in some cases had been stolen, as well as frequent flyer numbers, points balances, tiers and status credits.
However, it has stressed no login details, credit card numbers, payment details or passport numbers have been compromised.
