PH-based call center linked to Qantas cyberattack exposing data of 5.7 million customers

• Photo from Pixabay

By TechWatch PH Staff

A cyberattack targeting the customer support system of Australian airline Qantas has been traced to a call center operation based in the Philippines, putting the country once again at the center of an international data privacy controversy.

The breach, revealed earlier this week, compromised the personal information of approximately 5.7 million Qantas frequent flyer members, including names, home addresses, dates of birth, and frequent flyer account details.

While Qantas has confirmed that no financial information, passport data, or login credentials were accessed, the incident has raised serious concerns over data protection protocols involving offshore outsourcing hubs.

The Philippine-based call center reportedly handled key customer service functions for Qantas, making it a critical access point to the compromised data lake.

Although the identity of the outsourcing provider has not yet been disclosed, sources familiar with the investigation confirmed that the breach originated through systems maintained in Manila.

Australian law firm Maurice Blackburn has filed a formal complaint with the Office of the Australian Information Commissioner (OAIC), accusing Qantas of failing to protect customer data stored in third-party systems. The airline has since obtained an interim injunction from the New South Wales Supreme Court to prevent dissemination of the stolen data.

This latest incident places the Philippines under renewed scrutiny as a major outsourcing destination for global companies handling sensitive data.

Industry analysts warn that while the country boasts a robust BPO infrastructure, cybersecurity standards across third-party vendors remain inconsistent, especially in smaller call centers operating under subcontracted arrangements.

The Philippine government has yet to issue an official statement, but the Department of Information and Communications Technology (DICT) is expected to initiate an inquiry in coordination with Australian counterparts.

The breach comes at a time when the Philippines is still reeling from a series of recent cyber incidents involving both public and private sector databases.

With the nation serving as a global hub for customer support, the Qantas breach highlights the urgent need for tighter regulatory oversight, international data-sharing protocols, and enforced compliance with cybersecurity best practices.

As investigations continue, cybersecurity advocates are calling on both governments to increase transparency and hold accountable any parties found negligent in protecting consumer data.