Qantas has revealed it has been contacted by a hacker claiming to be behind the theft of details of millions of the airline's customers, with federal police keeping a close eye.
The hack potentially compromised the names, dates of birth, email addresses and frequent flyer numbers of six million customers, although their financial information remained secure.
"A potential cyber criminal has made contact and we are currently working to validate this," a Qantas spokesperson said.
"There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor."
Qantas has remained tight-lipped about who it believes is behind the attack and no cyber criminal groups have taken responsibility.
The airline said earlier in July a third-party system used by an offshore call centre had been attacked two days earlier.
It said it has added security measures for its frequent flyer accounts, including requiring extra identification for any changes.
The Australian Federal Police said it was investigating the latest developments.
"The airline has been highly engaged in assisting authorities and the AFP with investigating this incident," a spokesperson confirmed on Monday.
Qantas CEO Vanessa Hudson has apologised to customers for the data breach. Source: AAP / Rob Blakers
"I want to apologise again for the uncertainty this has caused," chief executive Vanessa Hudson said.
"We know that data breaches can feel deeply personal and understand the genuine concern this creates for our customers.
"Right now we're focused on providing the answers and transparency they deserve."
Legal experts suggest the incident could lead to a class action against Qantas after compensation claims were made against Optus and Medibank following major data breaches in 2022.
