Qantas has revealed that one of its contact centres has been hit by a cyberattack, impacting the data of around six million customers.

On Wednesday the Australian airline said it had detected “unusual activity” on a third-party customer servicing platform earlier in the week.

Around six million customers have service records in the breeched platform, with Qantas saying that while it is still investigating the proportion of data that has been stolen it expects it to be “significant”.

An initial review by Qantas has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.

Qantas said that it took immediate steps to contain the system, with all of its systems remaining secure.

The airline added that no credit card details, personal financial information and passport details are held in this system.

Additionally, no frequent flyer accounts were compromised nor have passwords, PIN numbers or login details been accessed.

While it carries out the investigation, Qantas said it has put additional security measures in place to further restrict access and strengthen system monitoring and detection.

The company has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, adding that it has also notified the Australian Federal Police given the criminal nature of the incident.

“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” said Vanessa Hudson, Qantas group chief executive officer. “Our customers trust us with their personal information and we take that responsibility seriously.

“We are contacting our customers today and our focus is on providing them with the necessary support.”

The incident comes after Marks & Spencer and Co-op suffered cyber incidents over April and May.

M&S began experiencing problems with its systems on 25 April, initially affecting in-store payments before spreading to other parts of the organisation.

The retailer was unable to take online orders and the company’s chief executive confirmed that some personal data was stolen in the attack.

The Co-op experienced difficulties with its ordering systems and reportedly diverted products to more remote stores to prevent shortages.

---