Hackers have announced that they have leaked personal information of approximately 5 million Qantas customers on the dark web following the expiration of a ransom deadline. This incident is part of a broader cybersecurity breach affecting over 40 companies worldwide, involving potentially up to 1 billion customer records.
The hacker group Scattered Lapsus$ Hunters published an extortion note last week on a dark web data leak site, demanding payment to prevent the dissemination of the stolen data. The Qantas data was reportedly taken from a Salesforce database during a significant cyberattack in June, which included customers’ email addresses, phone numbers, birth dates, and frequent flyer numbers, but did not contain credit card, financial information, or passport details.
On Saturday, the hackers labeled the data as “leaked,” advising organizations to reconsider their decisions regarding ransom payments due to potential reputational damage. A cybersecurity analyst noted that the breach involves a diverse group of companies, including Gap, Vietnam Airlines, and Disney, among others, suggesting a coordinated attack by a sophisticated group known to operate mainly from the US, UK, and Australia.
Despite the attack, Qantas has assured its customers of continued support, establishing a 24/7 support line and offering identity protection guidance. Salesforce has stated that it will not engage in negotiations regarding the extortion demand and emphasized that its platform has not been compromised.
The stolen data is reported to have been obtained between April 2024 and September 2025 and consists of personal information of both customers and employees. Cybersecurity specialists warn that although financial data was not taken, the leaked personal information could facilitate identity theft and fraud, leading to personalized phishing scams.
Qantas has sought a court injunction to prevent unauthorized access to the stolen data.
Source: https://www.theguardian.com/business/2025/oct/11/hackers-leak-qantas-data-containing-5-million-customer-records-after-ransom-deadline-passes