Qantas has confirmed 5.7 million customers have been impacted by last week's cyber attack, as it begins the process of contacting customers who have been affected individually.

The cyber incident first revealed last week was initially expected to have compromised the customer data of 6 million people. The breach involved a cyber criminal targeting a Qantas airline contact centre via its third-party customer servicing platform, and was first detected on 30 June.

The airline has stated sensitive financial information, such as credit card details, personal financial information, and passport details, were not accessed during the incident. Qantas Frequent Flyer accounts also reportedly remain unaffected, with no passwords, PINs, or login details compromised. However, the compromised data does include customers' names, email addresses, Qantas Frequent Flyer numbers, addresses, dates of birth, phone numbers, gender, and meal preferences.

Qantas said it's now actively communicating with affected customers aged 15 and above, providing them with details via email about the types of personal data compromised as well as further support options.

“Our absolute focus since the incident has been to understand what data has been compromised for each of the 5.7 million impacted customers and to share this with them as soon as possible," Qantas CEO, Vanessa Hudson said. “From today we are reaching out to customers to notify them of the specific personal data fields that were held in the compromised system and offer advice on how they can access the necessary support services.

“Since the incident, we have put in place a number of additional cyber security measures to further protect our customers data, and are continuing to review what happened. We remain in constant contact with the National Cyber Security Coordinator, Australian Cyber Security Centre and the Australian Federal Police. I would like to thank the various agencies and the Federal Government for their continued support.”

After removing duplicate records, Qantas said its investigation has found that there were 5.7 million unique customers’ data held in the system. Specific data fields vary from customer to customer. About 4 million customer records are limited to name, email address and Qantas Frequent Flyer details. Of this, 1.2 million customer records contained name and email address, while 2.8 million customer records contained name, email address and Qantas Frequent Flyer number. The majority of these also had tier included. A smaller subset of these had points balance and status credits included.

Of the remaining 1.7 million customers, their records included a combination of some of the data fields above and either their residential or business address, date of birth (more than 1 million), phone number, gender and meal preferences. Qantas added the data that was compromised is not enough to gain access to these frequent flyer accounts.

The airline has advised customers to remain vigilant against potential misuse of their personal information and to employ two-step authentication where available. Customers are also encouraged to stay informed about scams and report any suspicious activity to Scamwatch.

The airline said it's also increased resources in its contact centre and established a dedicated support line for customers. Additional security measures have been implemented to restrict access and enhance system monitoring.