Australian airline Qantas has confirmed a "significant" data breach after cybercriminals broke into a third-party platform used by one of its contact centres.
The airline discovered "unusual activity" on Monday but said in a statement it moved quickly to contain the issue.
The airline said six million customers had service records on this platform.
Qantas said in a statement: "We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers."
The airline said there is no impact on its operations or the safety of its passengers.
Qantas Group chief executive Vanessa Hudson said the company was working closely with the National Cyber Security Coordinator and the Australian Cyber Security Centre.
"We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information, and we take that responsibility seriously," she said.
"We are contacting our customers today, and our focus is on providing them with the necessary support."
Was any information stolen?
Qantas said the data included names, email addresses, phone numbers, birth dates, and frequent flyer numbers of some customers.
But no credit card details, passport data, passwords, or PINs were stored on the compromised platform.
Qantas said it has notified the Office of the Australian Information Commissioner and the Australian Federal Police, and independent cybersecurity experts are assisting with the investigation.
What to do if your data has been compromised
The airline is emailing affected customers and has set up a dedicated support line at 1800 971 541 (or +61 2 8028 0534 from overseas).
If you suspect your data has been compromised, call the Australian Cyber Security Hotline on 1300 CYBER1 or 1300 292 371.
Mohiuddin Ahmed, a senior lecturer in computing and security at Edith Cowan University, said customers should change their email passwords and set up multi-factor authentication if they haven't already.
"Also, be very vigilant for scam calls, texts and phishing emails. Given the stolen information, sophisticated scammers will target these affected customers," Ahmed said.
