Millions of customers’ data may have been compromised in a cyberattack on Qantas, the airline confirmed in a statement to shareholders this morning.

The airline said the cyberattack occurred on Monday after a cybercriminal targeted a customer contact centre and gained access to a third-party customer servicing platform.

Qantas said the attack compromised customer data, potentially impacting six million customers who have service records on the system.

”Qantas can confirm that a cyber incident has occurred in one of its contact centres, impacting customer data. The system is now contained,” a statement released to shareholders says.

“We understand this will be concerning for customers. We are currently contacting customers to make them aware of the incident, apologise and provide details on the support available.”

“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.”

Affected data includes names, email addresses, phone numbers, birthdays and frequent flyer numbers.

The company said credit card details, personal financial information and password details were not held in the affected system and have not been compromised.

Qantas said frequent flyer accounts were not compromised. 

“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” Qantas Group Chief Executive Officer Vanessa Hudson said.

“Our customers trust us with their personal information and we take that responsibility seriously.

“We are contacting our customers today and our focus is on providing them with the necessary support.

“We are working closely with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts.”