Qantas is the latest airline to fall victim a cyberattack.
The Australian carrier said Wednesday that cybercriminals had gained access to one of its customer servicing platforms, which is run by a third-party operator.
There is no impact on Qantas operations or safety, the airline said, but 6 million Qantas customers have service records in that platform.
Qantas said it first noticed the attack on Monday and that the system is now contained.
"We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant," the airline said. "An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers."
The airline said that credit card, personal financial and passport details are not held in this platform and that no frequent flyer accounts or passwords were compromised.
The Monday attack came just three days after the FBI warned that a notorious cybercriminal organization called Scattered Spider had turned its attention to the airline sector. Recent prominent cyberattack victims include Hawaiian Airlines last week and WestJet on June 13. Neither of those attacks have been formally linked to Scattered Spider, nor has the Qantas attack.
The FBI said Scattered Spider often impersonates employees or contractors to deceive IT help desks into granting access to internal systems. It added that the organization targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including vendors and contractors, could be at risk.
Qantas said that it is putting additional security measures in place to strengthen system monitoring and detection as it investigates this week's attack.
"We sincerely apologize to our customers, and we recognize the uncertainty this will cause," the airline said.