Qantas Airways said late Monday that a cyber-intrusion at a third-party call-centre platform allowed attackers to access personal details for as many as six million customers, in what security analysts describe as Australia’s most significant aviation data breach in years. The airline said flight operations and core reservation systems were not affected. The stolen dataset includes names, email addresses, phone numbers, dates of birth and frequent-flyer numbers, but no passwords, payment cards or passport information, according to Qantas. “No frequent-flyer accounts were compromised nor were PINs or login details accessed,” Chief Executive Officer Vanessa Hudson said in a statement, adding that the carrier had apologised to affected customers and begun notifying regulators. Qantas has engaged external forensics specialists and is working with the Australian Federal Police and the national cyber-security coordinator. The compromised call-centre system, operated from Manila, has been isolated while the company strengthens authentication and monitoring controls. Compensation arrangements have not yet been finalised. The incident follows an FBI alert issued last week warning that the hacker collective known as Scattered Spider had shifted its focus to airlines after a series of retail and insurance sector breaches. While Qantas has not publicly attributed the attack, two threat-intelligence firms said the tactics match those previously linked to the group, underscoring growing pressure on global carriers to tighten vendor oversight and multifactor authentication.