Qantas, Air India, Air France, and KLM Data Breach Exposes Millions of Customer Records

Qantas, Air India, Air France, and KLM, major players in the global airline industry, have recently faced significant data breaches that exposed millions of customer records. These breaches, stemming from cyberattacks on third-party service providers, have raised serious security concerns not only for the airlines themselves but also for the broader hospitality industry. Personal data, including names, contact information, and frequent flyer details, were compromised, though financial data and passport information were reportedly unaffected. The breaches have prompted increased scrutiny of data protection practices across the tourism and travel sectors, affecting the confidence of tourists and travelers worldwide.

Qantas has announced that a cyber security incident has affected the personal information of approximately 5.7 million of their customers in June 2025. Information including customer names, email addresses, dates of birth, and frequent flyer information were exposed and compromised. This exposure of data was through a third party service provider which was not however warned.

Air India has dealt with a similar crisis, announcing a data breach involving the personal data of 4.5 million customers in May 2021. The breach included records with personal details, including dates of birth, contact details, and ticket information, from as far back as 2011.

Air France and KLM were targeted in August 2025, compromising customer data including names, email accounts, and phone numbers.