Personal data of 5M Qantas customers leaked on dark web
What's the story
Hackers have leaked personal information of over five million Qantas customers on the dark web. The move comes after a ransom deadline set by the cybercriminals expired. The data breach was part of a larger attack that has affected over 40 companies worldwide and could involve up to one billion customer records in total.
Extortion attempt
Data was taken from a Salesforce database
The hacker group Scattered Lapsus$ Hunters published an extortion note on a dark web data leaks site last week. They demanded payment to prevent the stolen data from being leaked. The Qantas data was taken from a Salesforce database during a major cyber-attack in June. It included customers' email addresses, phone numbers, birth dates and frequent flyer numbers but not credit card details or financial information.
Warning issued
Hackers warned companies not to ignore threats
On Saturday, the hacker group marked the data as "leaked," warning companies not to ignore such threats. The warning read, "Don't be the next headline, should have paid the ransom." Jeremy Kirk, an analyst at cyber threat intelligence company Intel 471, revealed that 44 companies were part of this leak including Gap, Vietnam Airlines, Toyota and Disney among others.
Company responses
Qantas and Salesforce's response to the breach
In light of the data breach, a Qantas spokesperson said their priorities were "continued vigilance and providing ongoing support for our customers." They added that they continue to offer a 24/7 support line and specialist identity protection advice to affected customers. Meanwhile, Salesforce has denied any compromise of its platform in connection with this incident.
Theft details
Criminals could misuse leaked personal information for fraudulent activities
The global data theft took place between April 2024 and September 2025, encompassing personal and contact information of customers and employees from various companies. This includes dates of birth, purchase histories, and passport numbers. While no financial data was involved in this breach, Kirk warned that criminals could use the leaked personal information for fraudulent activities like opening credit cards.