A Qantas spokesman would not say if the contact was in the form of a ransom demand typically associated with cyber attacks on large organisations.

He said “as this is a criminal matter, we have engaged the Australian Federal Police and won’t be commenting any further on the detail of the contact”.

“There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor,” the spokesman said.

The breach of a Salesforce platform used by the call centre was discovered by the airline last Monday, resulting in the theft of data from six million customers, including a combination of names, birthdates, email addresses, and phone and frequent flyer numbers.

Exactly what details were stored by Qantas for each customer will be shared with those affected in coming days, the airline has said.

Qantas chief Vanessa Hudson has emphasised the hack did not extend to financial details or passport information, which Qantas stored separately to other data.

It is understood the cyber criminal was given access to the database after an interaction with a call centre operator.

Ms Hudson said it was not significant that the hacker targeted a platform connected to the call centre in Manila, saying it could have happened anywhere.

“Absolutely, I mean cyber criminals are global and this was happening in the US the week before us,” said Ms Hudson, who ended her European holiday as soon as she became aware of the breach.

“I don’t think any part of any business or any operation is not exposed to this threat. It’s something we have to manage as modern organisations, and we have to learn from these events when they happen.”

Following her promotion to CEO in September 2023, Ms Hudson announced a review of offshore call centres, with a view to bringing some or all back onshore.

The review was in response to customer concerns about long waiting times, and poorly trained customer service staff in some overseas centres.

Currently, Qantas operates five call centres in Manila, Suva, Cape Town, Auckland and Hobart, to ensure cost-effective 24/7 coverage for customers.

Asked about the review’s progress, Ms Hudson said Qantas had “recruited a lot of call centre operators onshore”.

“It’s where most of our recruitment has been happening, in Hobart and also Auckland, and that’s been continuing,” she said.

“Also, as this investigation (into the cyber attack) goes through we will review everything, and I am going to be open to every suggestion that comes from that review to do two things: one, to make sure that we uplift our controls and the security of data around customers, but also continue to improve service levels.”

The Australian Federal Police confirmed it was investigating the Qantas cyber breach, which had the hallmarks of hacker group Scattered Spider.

Days before the attack, the US Federal Bureau of Investigation warned the group was targeting the aviation industry, following hacks on Hawaiian Airlines and Canada’s WestJet.

Ms Hudson said Qantas would use the incident to “further strengthen its systems and operating models”.

“We will do that, and you know we have all sorts of third-party providers across our network and I apply the same thought process and philosophy to all of them – we need to be across all of them,” she said.

Virgin Australia was also understood to be reviewing, monitoring and testing its information security settings to adapt to changes in the threat environment.

Although the airline declined to comment on the Qantas hack and the FBI warning, Virgin acknowledged that cyber security remained a significant risk to business and the community generally.

Qantas’ advice to affected customers is to remain alert for unusual communications claiming to be from the airline, and to be cautious of emails seeking passwords or booking reference numbers.

Ms Hudson said there was no need for frequent flyer members to reset their password or PIN.

About 80 per cent of those on the compromised database are frequent flyers of various status levels, with the remainder customers who had previously booked with Qantas.

After an initial dip in price following news of the attack, Qantas shares have gained altitude, closing up 1 per cent at $10.69 on Monday.

More Coverage

Vanessa Hudson’s ‘great regret’ over Qantas cyber attack

Robyn Ironside, Jared Lynch

Qantas urges customer vigilance after cyber attack

Robyn Ironside, Jared Lynch

Originally published as Qantas and AFP seek to ‘validate’ contact from alleged cyber criminal following hack