In a saga making more noise than a 737 at take-off, Australia’s beloved flying kangaroo has come a cropper — and it’s not just lost luggage this time. Qantas is reeling after it admitted to a cyber blunder that saw the personal data of 5.7 million of its customers flung to the four winds, or more precisely, to the grubby clutches of cyber miscreants.

The breach, which occurred on 30 June 2025 — a date that will now live in infamy alongside ill-fated red-eye delays and undercooked in-flight chicken — involved unauthorised access to a third-party customer servicing platform used by Qantas’s contact centre. Translation? Someone left the digital back door wide open.

The compromised details read like the guest list to a Very Private Dinner: names, phone numbers, birthdates, addresses, emails, Frequent Flyer numbers, gender, status credits, points balances, and yes — even meal preferences. That’s right, folks. Does anyone know if you ever requested the vegetarian gnocchi on a Tuesday night flight to Perth? Probably someone in a basement in Belarus.

Now, enter stage left: Maurice Blackburn Lawyers, legal crusaders of class actions, dusting off their briefcases and heading straight for the Office of the Australian Information Commissioner (OAIC). They’ve lodged a formal representative complaint, accusing Qantas of failing to take “reasonable steps” to protect customer information — a no-no under the Privacy Act 1988.

“Qantas has a duty to protect the data entrusted to them by the Australian public,” said Principal Lawyer Elizabeth O’Shea, no stranger to holding the big end of town to account. “We’ve filed a formal complaint with the OAIC and encourage affected customers to register with us.”

The call to arms is clear: If you’re one of the 5.7 million who suddenly found themselves part of this unwelcome club, you can register online — it’s free, it’s non-binding, and it just might lead to compensation if Qantas is found to have slipped up on privacy protocols.

Let’s not beat around the baggage carousel here — this is big. We’re talking about a data breach that exposes your contact info and your entire flying profile. And in 2025, that kind of data is the digital equivalent of leaving the Crown Jewels in an unlocked ute.

The OAIC, Australia’s privacy watchdog, is now sniffing around and monitoring the airline’s compliance with the Notifiable Data Breaches (NDB) scheme. While Qantas quickly notified of the breach (credit where it’s due), Maurice Blackburn isn’t content with lip service.

O’Shea continued, “This isn’t just a tech hiccup. If your personal information has been compromised, you have rights — and we intend to pursue those rights vigorously on behalf of affected Australians.”

And let’s talk about timing. Just as Qantas is trying to win back public affection post-COVID and recent customer service turbulence, this breach is the equivalent of dropping the in-flight Wi-Fi mid-landing. Not ideal.

But what’s most galling to loyal flyers is the sheer magnitude of it all. This isn’t some obscure back-end glitch or a handful of forgotten passwords — this is a failure of trust. And when your brand has been synonymous with safety since 1920, that trust isn’t something you want tossed out like stale airline peanuts.

Meanwhile, scammers are surely sharpening their tools. With so much rich personal data, cyber-fraudsters have been handed a buffet of opportunity. Customers are urged to watch for suspicious emails, unsolicited texts, and anything asking for “just a few more details.”

For its part, Qantas has set up a dedicated hotline and is offering support. But critics argue that’s little consolation after the horse has bolted.

As for Maurice Blackburn — a firm with more class action wins under its belt than Qantas has airport lounges — they’re not new to these skies. This is a familiar altitude, with over $5 billion recovered from class actions since 1998.

The next steps? The OAIC will decide whether to investigate formally, while Maurice Blackburn gears up to represent what could become one of Australia’s most significant privacy actions on record. If the case gains momentum, it could see compensation paid to affected customers, or at the very least, it could force a major rethink in how major corporations handle your data.

So what now? Keep your inbox tidy and your scam radar switched on, and if you’re a Frequent Flyer who suddenly feels frequently exposed, consider registering with Maurice Blackburn. At the very least, you’ll be kept in the loop.

After all, when flying the national carrier, Aussies might forgive the odd delayed departure, but breaching their trust? That’s a grounding offence.

By Susan Ng

=======================================