Navigation for News Categories

New Zealand national
13 Oct 2025

Some New Zealand Qantas customers have personal data leaked on dark web

3:23 pm on 13 October 2025
Qantas Airbus A380 aircraft as seen flying and landing at London Heathrow Airport LHR. The wide body double-decker Airbus A380 aircraft has the registration VH-OQH, the name Reginald Ansett and is powered by 4x Rolls Royce RR jet engines. The specific passenger plane was stored for 2 years due to the Covid-19 Coronavirus pandemic. Qantas Airways Limited is the flag carrier of Australia, the world's third oldest airline in operation and member of Oneworld aviation alliance group. The main hub for the Australian airline is Sydney airport. London, United Kingdom on August 2022 (Photo by Nicolas Economou/NurPhoto) (Photo by Nicolas Economou / NurPhoto / NurPhoto via AFP)

Photo: Nicolas Economou / NurPhoto via AFP

Qantas says some of its New Zealand customers have had their personal data leaked onto the dark web.

Australian media have reported that the personal data of 5.7 million Qantas customers was leaked.

It said while the majority of people affected are in Australia, some are in New Zealand.

Last week Qantas was made aware of a post containing samples of stolen data from around 40 international companies, including Qantas, following a cyber breach in July.

It said the other companies listed included Disney, Google, IKEA, Toyota, McDonalds, Air France and KLM.

A cyber hacker group has claimed responsibility.

Qantas said that with the help of specialist cyber security experts, it is investigating what data was part of the release.

"Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties.

"We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred."

In July Qantas advised all affected customers of the types of their personal data that was contained in the affected system and this has not changed.

Of the 5.7 million Qantas customer records that were stolen in early July, the majority was limited to name, email address and Frequent Flyer details.

"A smaller portion of the impacted customer data includes business or home address, date of birth, phone number, gender and meal preferences".

It also said no credit card details, personal financial information or passport details were impacted.

"There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and login details were not accessed or compromised".

 Qantas said the data that was stolen is not enough to gain access to these frequent flyer accounts.

Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.

Tags:

Copyright © 2025, Radio New Zealand

Related Stories

New Zealand

Get the RNZ app

for ad-free news and current affairs

Download from Apple App Store Download from Google Play Store

Top News stories