Qantas has confirmed that up to 6 million customers have been impacted in a significant cyber breach, with a range of personal data fields along with frequent flyer numbers, accessed from a third-party contact centre platform.
The airline says no accounts have been compromised and no login credentials were exposed. But for anyone holding a frequent flyer balance, the concern goes deeper than identity theft alone.
Could your frequent flyer points be at risk?
Most media coverage of the breach so far has focused on personal data and the fact that financial information, such as credit card details, wasn’t captured as it was stored separately.
Limited attention has been paid to the fact that frequent flyer numbers are the gateway to accessing points, which hold tangible financial value.
One Qantas Point can be worth between 0.5 cents when used for gift cards, up to 5 cents when used for high-value flight redemptions. That means a member with 100,000 points could be sitting on up to $5,000 in travel value.
When combined with personal details, access to frequent flyer information could open the door to unauthorised access, especially if two-factor authentication isn’t set up correctly or your login is protected by a simple PIN.
What you should do now
In an email sent to impacted customers this evening, Qantas states there’s no need to reset your password or PIN, but to stay alert for phishing scams and unusual account activity. However, for frequent flyers anxious to secure their accounts, the following steps could be worth considering:
- Consider re-setting the pin linked to your Qantas Frequent Flyer account for peace of mind
- Log in to your Qantas Frequent Flyer account and monitor your points balance and account activity regularly. Look out for any unfamiliar redemptions or changes and contact Qantas immediately if you spot activity you don’t recognise
- Make sure 2fa authentication is switched on and that the email and mobile number linked to this layer of authentication is current and secure
- Avoid clicking on links in emails or texts. Go directly to the Qantas website or app to manage your account
Even if your login details weren’t compromised, frequent flyer numbers paired with personal information can be used to impersonate or phish you. Treat your points like cash and monitor activity to ensure your account is secure.
How has Qantas handled customer communication?
Qantas began contacting customers about the breach in staggered phases. I personally received a general broadcast email at 12.30pm, roughly four hours after the story broke publicly, outlining the incident in broad terms. It included no specific mention of whether my data was involved.
A follow-up email landed eight hours later, at 8.30pm, confirming that my personal data, which might include my name, email address, phone number, birth date and frequent flyer number, had been accessed. The email did not state which of these fields have been compromised.
The second message apologised for the breach and pointed me toward support services and a dedicated hotline. It stated that passwords, PINs and points balances were unaffected, and that no proactive action (such as pin resets) was advised at this stage.
Has Qantas done enough?
While it’s reassuring that Qantas provided direct communication, the delay in contacting some members and confirming affected accounts raises questions about whether the airline is doing enough to reassure customers and minimise ongoing risk.
It’s yet to be confirmed which data fields were compromised for individual customers, and it’s unclear whether data like Qantas Frequent Flyer membership tiers, or the number of points held within individual accounts, has also been impacted.
So far, Qantas has not released any details about the makeup of the six million affected accounts. We don’t know how many are active vs dormant, or how many contain sizeable points balances.
Qantas says it’s working with cyber security experts and government agencies. But for a program of this scale, with billions in member value, strong safeguards and timely, clear communication are important.
We’ll continue to follow this story and provide updates as more details emerge.
While you’re here: Subscribe to our newsletter for the latest tips, deals and news. It only takes a few seconds and we respect your privacy:
