Australia’s Qantas Airways has announced a cut in short-term incentives for its Group CEO and executive team following a major Qantas July cyberattack in that exposed the personal data of 5.7 million customers. In its latest annual report, the Qantas Board said it recognized the significant impact of the Qantas cyberattack on customers and reduced annual bonuses for senior leadership by 15 percentage points. For Group CEO Vanessa Hudson, this translates to a $250,000 reduction in her pay.
“Despite the strong performance, the Board decided to reduce annual bonuses by 15 percentage points as a result of the impact the cyber incident had on our customers,” said Qantas Group Chairman John Mullen. “This reflects their shared accountability, while acknowledging the ongoing efforts to support customers and put in place additional protections.”
Details of the Qantas Cyberattack
The Australian airline confirmed that the Qantas data breach stemmed from unauthorized access to a third-party customer service platform used by one of its contact centers. While flight operations and safety were not affected, sensitive customer data was compromised.
A forensic investigation revealed that 2.8 million customers had their names, email addresses, and frequent flyer numbers exposed. For another 1.7 million, additional details such as home addresses, dates of birth, phone numbers, meal preferences, or genders were accessed. In total, the Qantas cyberattack impacted 5.7 million customers.
Qantas stressed that no passport or credit card details were leaked, and the stolen data was not sufficient to gain access to frequent flyer accounts.
To protect customers, Qantas secured an injunction from the NSW Supreme Court to prevent the stolen data from being published or accessed by third parties. The airline also notified the Australian Federal Police, the National Cyber Security Coordinator, and the Australian Cyber Security Centre, along with relevant regulators in other jurisdictions.
Support and Remediation Efforts
The airline of Australia has been proactive in communicating with affected customers of Qantas cyberattack, offering a dedicated support line and access to specialist identity protection services.
Qantas also said it has put in place stronger monitoring and security controls across its systems to prevent similar Qantas cyberattack incidents. “We continue to incorporate lessons learned from this breach into our risk management framework,” the company said in its annual report.
The airline highlighted the rise of social engineering and phishing threats targeting both businesses and individuals. To counter this, it has introduced several initiatives, including annual Cyber Safety Week, phishing simulations based on real-world threats, and tailored training for higher-risk employees such as developers, privileged users, and pilots.
Qantas has also introduced recognition programs to reward employees who demonstrate strong cybersecurity practices, reinforcing what it describes as a “CyberSafe culture” across the organization.
Financial Performance and Employee Rewards
Despite the Qantas July cyberattack, Australian Airline reported a profit of $1.5 billion for the last fiscal year, buoyed by strong travel demand and cost efficiencies. Alongside executive pay cuts, the airline announced measures to reward its wider workforce.
This year, around 25,000 non-executive employees will be granted $1,000 worth of company shares under a new annual share plan, subject to company performance. This follows a $1,000 “Thank You” payment made in December 2024.
“With a highly skilled and passionate workforce, compelling dual-brand proposition, our largest-ever fleet order, and one of the world’s best airline loyalty programs, we are well placed to achieve our long-term goals,” said Chairman Mullen.
The Qantas July 2025 cyberattack has highlighted the growing threat of cyber incidents to global airlines and the broader aviation sector. While investigations into the Qantas cyberattack are still ongoing, Qantas says it is determined to strengthen its defenses and restore customer trust. The Australian airline has also pledged to continue investing in technology, staff training, and partnerships with government agencies to enhance its resilience.
