The Office of the Australian Information Commissioner (OAIC) can confirm that Qantas has notified it of an eligible data breach under the Notifiable Data Breaches (NDB) scheme following its recent cyber incident and the office is actively engaging with Qantas in relation to its compliance with NDB obligations.
Qantas are also working with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent cyber security experts. The Australian Federal Police has also been notified, due to the criminal nature of this incident.
Read more information about the Notifiable Data Breaches scheme.
Information for those impacted by the cyber incident
If you are concerned about how this incident impacts you, please first check the Qantas website for more information, including how to contact the Qantas dedicated support line.
If you wish to lodge an individual complaint about Qantas, you must first lodge a complaint directly with Qantas through the Customer Care Feedback Form. This will provide you with a record of your complaint and will include a reference number for future communications with Qantas and the OAIC about your concerns.
Allowing Qantas the opportunity to deal with your complaint is contemplated under the Privacy Act. Given the circumstances, Qantas should be provided with a minimum of 30 days to enable it to adequately respond to your complaint.
It remains open to you to lodge a complaint within the OAIC if you are dissatisfied with the outcome of your complaint once Qantas has been given an adequate opportunity to deal with your complaint. Further information about engaging with a respondent to resolve a complaint and our privacy complaints practices is available on our website.
Other resources and support
Individuals impacted by notifiable data breaches can find information on our website about data breach support and resources and responding to a data breach notification.
