Written by Team Colitco 2:59 pm

Qantas Data Breach Exposes Millions as Experts Warn of Rising Scam Threats

Widespread Leak Affects Millions of Qantas Customers

Millions of Australians have been warned to steer clear of fraudulent Qantas compensation offers after a significant cyberattack exposed the personal information of up to 5.7 million customers. The airline confirmed that the data was leaked online after a ransom deadline passed, making the stolen records available on the dark web.

A Qantas aircraft at Sydney Airport as the airline investigates a major data breach affecting millions of customers.

The breach was reportedly carried out by a hacker group known as Scattered Lapsus$ Hunters and covered Qantas and a number of other multinational corporations that used Salesforce software. The stolen data contained full names, email addresses, frequent flyer information, dates of birth, addresses, and phone numbers. In some instances, other details such as gender and food preferences were also leaked.

Hackers Give Qantas a Data Leak Deadline

Between April 2024 and September 2025, Salesforce was targeted by a cybercriminal organisation that stole over a billion records from 39 companies, including Disney, Toyota, McDonald’s, and HBO Max. The hackers set Salesforce a ransom deadline of October 11, threatening to release the information if it did not pay.

Hackers from Scattered Lapsus$ Hunters leaked Qantas customer data on the dark web after a ransom demand was ignored.

The group posted the stolen information after the deadline with a message that read, “Do not be the next headline, they should have paid the ransom.” The leak has since spread across dark web forums, prompting Qantas to begin assessing how much data has been exposed.

Salesforce and Qantas Reject Paying Hackers

Salesforce confirmed that it would not negotiate or pay any ransom, saying its investigation had found no breach of its core systems. The firm described the extortion attempt as being based on past or unproven events.

Salesforce confirmed it would not pay the ransom and said its core systems were not compromised.

Qantas reiterated that it was working with the authorities and continuing to offer services such as customer care. A spokesman said the airline remains customer-focused, providing an identity protection advice centre with a 24/7 helpline.

Experts Warn of Possible Scams

Cybersecurity experts have also urged people in Australia to stay vigilant because criminals are now starting to exploit the leaked information. RMIT professor of cybersecurity Matthew Warren warned that a second round of scams would probably occur, in which attackers impersonate Qantas to gain more personal information.

Warren said the information will then be used by other criminals posing as Qantas, demanding compensation or credit card information. He also said that scammers can target victims through phone calls, text messages, and emails, since a quarter of the Australian population could potentially be affected.

Legal and Government Response

The Australian government has reiterated its stance against paying ransoms in cyber extortion cases. Qantas has won an injunction in the Supreme Court of New South Wales to keep the stolen data from being published. However, the court order does not apply outside Australian jurisdiction, so the information remains available on dark web platforms in foreign countries.

Law firm Maurice Blackburn has lodged a complaint with the Office of the Australian Information Commissioner, claiming that Qantas did not adequately protect customer information. The firm also stated that it will seek compensation on behalf of affected passengers, but legal experts cautioned that the case might be complicated because the breach originated offshore.

How Australians Can Protect Themselves

Experts suggest that Qantas customers should be suspicious of calls or messages that purport to come from the company. Richard Buckland, a professor at the University of New South Wales, advised against following links in unsolicited messages or texts, even when they seem genuine.

Qantas has reassured customers that it will never ask for passwords, booking references, or payment details over the phone or by email. Customers are advised to secure their accounts with two-factor authentication and to verify any message through official contact methods.

Individuals worried about identity theft can run a free credit check to identify any suspicious credit applications. They can also get help from IDCare, Scamwatch, and the Australian Cyber Security Centre.

Past Corporate Breaches Cause Concerns

The Qantas incident follows large-scale cyberattacks on major Australian companies such as Optus, Medibank, and Australian Clinical Labs. In one decision, the Federal Court fined Australian Clinical Labs $5.8 million after more than 223,000 customer records were breached in a 2022 incident.

Security specialist Troy Hunt of Have I Been Pwned cautioned that the Qantas leak may lead to identity theft attempts, since attackers now have additional validation points to use. He said that Qantas has already paid millions in dealing with this, and now it must deal with class actions.


Final Thoughts

The Qantas data breach is another recent reminder of the growing cyber threats facing corporations and consumers. With millions of personal records circulating online, people in Australia are being advised to treat unsolicited messages with suspicion and caution. Although court proceedings and investigations are ongoing, legal experts emphasise that vigilance is the best defence against scams and identity theft during online transactions.

FAQs

  1. What happened in the Qantas data breach?
    Hackers from the group Scattered Lapsus$ Hunters leaked personal data of up to 5.7 million Qantas customers on the dark web after a ransom demand was ignored.
  2. How many Qantas customers were affected by the data leak?
    Around 5.7 million Qantas customers had their personal details exposed, including names, emails, phone numbers, and frequent flyer information.
  3. Was Qantas directly hacked?
    No. The breach originated from a third-party service provider using Salesforce software that stored Qantas customer data.
  4. What type of customer data was leaked?
    Leaked details included names, addresses, email addresses, phone numbers, dates of birth, gender, and frequent flyer details. No credit card information was compromised.
  5. Who is behind the Qantas cyberattack?
    The hacker group known as Scattered Lapsus$ Hunters claimed responsibility for stealing data from 39 companies, including Qantas, Toyota, Disney, and McDonald’s.
  6. Has Qantas paid the ransom to stop the leak?
    No. Qantas and Salesforce both refused to pay or negotiate with the hackers, following Australian government policy against ransom payments.
  7. What should Qantas customers do if their data was leaked?
    Customers should stay alert for phishing emails or scam calls, enable two-factor authentication, and never share passwords or personal details through unsolicited links.
  8. Can affected customers claim compensation for the Qantas data breach?
    Law firm Maurice Blackburn has filed a complaint with the Office of the Australian Information Commissioner and may seek compensation on behalf of affected customers.
  9. How is Qantas supporting affected customers?
    Qantas has set up a 24/7 support line and is offering identity protection advice to customers whose data was compromised.
  10. Where was the leaked Qantas data published?
    The stolen information appeared on dark web platforms after the ransom deadline passed. The NSW Supreme Court injunction does not apply to international sites.
