Qantas has confirmed that over a million customers have had their personal data leaked in a cyber-attack last week.

After removing duplicate records, the airline’s investigation has found that there were 5.7 million unique customers’ data held in the system. Specific data fields compromised vary from customer to customer.

The Australian airline said that cyber criminals gained access to around four million customer records, which contained some combination of name, email address and Qantas frequent flyer details.

Of these, approximately 1.2 million customer records contained names and email address while 2.8 million customer records contained name, email address and frequent flyer number.

The remaining 1.7 million customer records contained a combination of the data fields along with one or more data points such as address, gender, date of birth or phone number.

Qantas said around 1.1 million customers had their date of birth details compromised, while 900,000 had their phone number breached.

The airline added that there is no evidence that any personal data stolen from Qantas has been released but said that with the support of specialist cyber security experts it is continuing to actively monitor the situation.

Qantas reconfirmed no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.

The airline said it is in contact with affected customers to inform them as well as offer advice and support.

The company has also increased resourcing in contact centres to support customers and said it received more than 5000 enquiries through the dedicated customer support line established following the cyber incident.

Qantas group chief executive Vanessa Hudson said that since the incident, Qantas has put in place a number of additional cybersecurity measures to further protect customers data, and the airline remains in “constant contact” with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police.

“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible,” she added. “From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.”

---