If Qantas were a person, it’d be that person at the bar who spills your drink, blames the table, and then proceeds to do nothing except make lame excuses and wander off without offering to buy you a fresh one.
The airline’s latest crisis? Last week’s cyber privacy breach involving 5.7 million customers’ personal data and, for a subset of those, frequent flyer data. More than a week after the data breach, Qantas appears none the wiser as to who perpetrated it or why. If it does, it is certainly not sharing that information with those affected: its customers. Qantas now says it knows who had what data stolen and is contacting those affected. Progressively.
The realities of this monumental failure by the airline continue to be quietly downplayed by management as a “technical issue”; no mention of a cyberattack, and no evidence of malicious activity, they say. And, anyway, it was on a “third-party platform”.
Related Article Block Placeholder
Article ID: 1212771
“Since the incident, we have put in place a number of additional cybersecurity measures to further protect our customers’ data, and are continuing to review what happened,” Qantas said in its latest update.
But if you talk to the people who keep Qantas airborne, you’ll get a different story, one of outsourcing and a leadership team pathologically incapable of owning its failures.
“This isn’t a one-off glitch. It’s the third major IT-related debacle in as many years. And it’s yet another symptom of a company that has hollowed out its internal capacity and outsourced critical functions all to save money. The customers and staff always seem to come last,” one pilot told Crikey.
Another pilot noted that the Qantas chairman John Mullen has yet to make any comment or offer reassurance to customers: “The board seem to be sticking their heads in the sand and hoping the problem will go away.”
But it’s the now all-too-familiar outsourcing that most rankles Qantas staff. The airline’s rank and file are still fuming about the illegal outsourcing of baggage handlers, which the company fought all the way to the High Court before being found guilty several times and forced to pay hundreds of millions in compensation.
“The big question is: why has Qantas outsourced so much of its call centres to the Philippines, which is where this leak happened. Isn’t it supposed to be the Australian national carrier?” a Qantas regional pilot wondered aloud.
“Qantas is taking jobs out of Australia. There are plenty of Australians who would love to work for Qantas, but the jobs are cheaper offshore; it’s all about executives’ bonuses, not customers.”
The operational rot goes deeper than code
Related Article Block Placeholder
Article ID: 1207257
A former senior pilot told Crikey that at Qantas these days, the default response from management is “blame deflection”.
Blame the system, blame demand, blame COVID. Never the decision-makers, never the outsourcing strategy, and certainly never the board. And you see the result — the public and customers no longer believe what Qantas says, and the Qantas workforce no longer believes Qantas knows what it’s doing.
From a crisis management perspective, Qantas has once again failed the basics. There’s been no public accountability, just passive-voice statements and buried FAQs. Customers found out about the data breach via app alerts or media leaks initially — not from the airline. The message seems to be: we’ll let you know if it gets worse. Given Qantas’ track record, this may be designed to limit legal exposure, but it torches trust, something that its CEO Vanessa Hudson has been working hard to try and regain.
But actions speak louder than comforting words. As a Qantas Frequent Flyer myself, who had received an initial email notifying me that my data may well have been taken by the hackers, I once more called the outsourced (yes, really — to the UK) help number, where staff were no wiser than they had been when I called them last week.
I was told that Qantas was “progressively working through the data” and “informing customers just in what field their data has been stolen”.
“I wouldn’t want to give you a time frame, but they are working throughout,” said the call centre operator, who confirmed that Qantas was still not offering anything by way of recompense. She said — clearly meant to reassure me — that Qantas had “engaged cybersecurity experts” (now, but clearly not before the hack) who were “keeping an eye on what the data may be being used for” and even monitoring “the dark web”.
I was told if I wanted “any further information about cybersecurity”, that Qantas has “partnered with www.idcare.org”, where I could go and quote a referral code: qant25. Still, this company could not provide any information about the specific incident. The usual Qantas customer service merry-go-around.
There was a time when Qantas was synonymous with safety, engineering rigour, and operational excellence. Those were not marketing slogans — they were hard-earned truths, backed by in-house talent, deep institutional memory, and a sense that responsibility flowed up as well as down.
Related Article Block Placeholder
Article ID: 1204684
Now? Those same pilots and engineers are reduced to cynics. They watch senior execs cycle through comms-trained media lines while serious safety and systems issues fester. They’ve seen pandemic bailouts turn into share buybacks. They’ve watched IT budgets balloon — only for systems to fail, again and again.
Is anyone actually accountable?
Alan Joyce may be gone, but the DNA of deflection remains. When Qantas sold its soul to cost-cutting, it lost more than headcount. It lost institutional capability — and when something goes wrong, as it increasingly does, there’s no-one left to step up and fix it.
That’s the unspoken truth of this breach. Not that some data slipped through a crack, but that there’s no-one left inside the building who really understands how the building works — because they all took the package and ran. Deep aviation experience is not learned overnight.
Until Qantas reverses this rot — by rebuilding internal teams, reestablishing operational control, and ending the CEO blame carousel — it risks a continued spiralling into crises, each one handled worse than the last.
After the serial scandals of recent years, can anyone remember when Qantas was worth believing in?
Were you a victim of the Qantas data breach?
We want to hear from you. Write to us at [email protected] to be published in Crikey. Please include your full name. We reserve the right to edit for length and clarity.
