Qantas customers are finding out if their personal information was exposed in a cyber attack, as they are warned to be on high alert for scams.
The airline revealed a cyber incident on a third-party platform used by the airline's contact centre that exposed the details of six million customers.
Names, phone numbers, dates of birth and email addresses are among the data believed to be exposed.
But Qantas reassured customers' financial information, passport numbers, credit card details and frequent flyer PIN codes were not accessed.
In an email late on Wednesday, Qantas began informing the frequent flyer customers who were impacted.
"I'm writing to inform you that we believe your personal information was accessed during the cyber incident we recently experienced," the email read.
Customers have been urged to stay on high alert in the coming months because they may experience targeted phishing scams.
Qantas warned to remain alert for "unusual communications" claiming to be Qantas or emails asking for personal information or passwords.
"Remember, Qantas will never contact you requesting passwords, booking reference details or sensitive login information," it said.
A security expert echoed concerns the information may be used in further scams, similar to what happenedfollowing the Optus hack that compromised 10 million customers' information.
"Even with reassurances, the breach of names, email addresses, phone numbers and perhaps most importantly, birth dates and frequent flyer numbers, it's still significant," executive director of Macquarie University's Cyber Security Hub Dali Kaafar told AAP.
He said the details could lead to malicious actors building a more complete profile about individuals to make them more susceptible to other forms of cybercrime.
He also warned the impacts could be more far-reaching than expected.
Prof Kaafar said the claims by Qantas that no frequent flyer login details were exposed should be taken with "a grain of salt", given the number of customers who use their date of birth as a PIN code.
"Some of these customers would have been using their date of birth as a PIN, and they are immediately at risk because that data has been compromised."
He warned customers to change their passwords and PINs to prevent further harm.
Cybersecurity experts are speculating that the hackers responsible may be Scattered Spider, a group of young cyber criminals living in the US and the UK.
The FBI recently provided a warning that the group had been targeting the airline sector by impersonating legitimate users to bypass multi-factor authentication and access systems.
There has been no confirmation of the group responsible.
Qantas on Wednesday confirmed t was working closely with the National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts, chief executive Vanessa Hudson said.
A customer support line was established to provide customers with the latest information.
Qantas shares on the ASX shed about 3.6 per cent to $10.38 on Wednesday in response to the news.