Open Letter to Vanessa Hudson, CEO of Qantas Group RE: Mishandled Data Breach and Failure of Leadership

Dear Vanessa Hudson ,

I am writing in response to your recent communications regarding the cyber incident affecting Qantas customers—including myself and, more alarmingly, my 15-year-old daughter.

We received the initial breach notification email on July 10, 2025, advising that our personal information had been accessed. Since then, we’ve sat on this, waiting to see if Qantas would step up with meaningful, proactive follow-up—support, identity protection, and further transparency. As of today, there’s been no such communication.

Let me be clear: this is not a fumble; this is a systemic failure, and it lands squarely on the shoulders of your executive leadership.

You entrusted a third-party platform with our most sensitive data—names, dates of birth, contact details, Frequent Flyer info, and more. That data was breached. And instead of immediate, comprehensive support, what did you offer? A suggestion that we call a number if we want identity protection advice. Not even direct access to services—just a helpline and a hope that customers will fend for themselves.

Meanwhile, your update on July 23, 2025, expresses concern about scammers exploiting this breach. Frankly, that’s exactly what we feared. A warning two weeks after the initial notification does little to protect already exposed customers—particularly minors.

Let me remind you: this isn’t just about stolen addresses or frequent flyer balances. This is about trust, safety, and responsibility. And asking customers to remain vigilant, monitor scams, and self-diagnose their exposure is not leadership—it’s deflection.

You say “our focus continues to be on doing all we can to support our affected customers.” If that’s true, then show it.

Here’s what that looks like:

• Proactive, automatic enrollment in identity protection and monitoring services for every affected customer, not just those who call and ask.
• A formal commitment to review your third-party vendor risk policies.
• Clear leadership accountability for the failure—starting at the executive level.
• Transparent disclosure of what’s changing to ensure this never happens again.

You operate an airline, Ms. Hudson. You should understand better than most: you don’t wait until a plane is going down to check the parachutes. Don’t wait for another breach—or worse consequences—to act decisively.

Sincerely, Robert Concerned Parent & Cybersecurity Professional Founder, Cyber News Live .

QantasLink Qantas Freight Qantas Business Rewards Qantas Vacations Qantas Distribution Platform