Hackers have leaked the personal information of 5 million Qantas customers after a ransom deadline was missed. The stolen data was shared on the dark web by the well-known hacker collective Scattered Lapsus$ Hunters. The attack targeted Qantas and more than 40 companies worldwide, potentially affecting up to 1 billion customer records.
Massive Data Breach Hits Qantas and Global Companies
The hackers demanded payment in return for not releasing the stolen data. When the companies did not pay, the group made the data public. This is one of the largest data leaks in recent years, raising concerns about the safety of personal information stored by major companies.
The stolen Qantas data includes customer email addresses, phone numbers, birth dates, and frequent flyer numbers. Fortunately, credit card details, financial records, and passport information were not stolen. Even without financial details, the leaked information can still be dangerous. Hackers can use personal information to create fake accounts, send scams, or attempt identity theft.
This data breach is part of a larger global cyber-attack. Companies affected include major brands from different industries, such as airlines, clothing, retail, and fast food chains. The breach reportedly took place over a long period, from April 2024 to September 2025, and involved both customer and employee data.
WestJet Reveals Passenger Data Breach Raising Security Concerns
According to Jeremy Kirk, executive editor of Cyber Threat Intelligence, the hacker group is highly skilled at finding weaknesses in how companies connect their systems. He said the scale of the breach is “awful for the companies” and “awful for the people affected,” highlighting the serious consequences of such attacks.
How the Hackers Operated
Scattered Lapsus$ Hunters are known for their skill in accessing company databases. They often look for weak points in systems that connect different parts of a company. Once inside, they can steal large amounts of information quickly and quietly.
In this case, the hackers accessed a Salesforce database used by Qantas. Salesforce has confirmed that its platform was not compromised, and the company does not negotiate with or pay ransoms. The attack shows that even when systems themselves are secure, data can still be at risk if it is shared across multiple platforms.
After stealing the data, the hackers posted an extortion note online, warning companies that they would release the information unless a ransom was paid. When the ransom was not met, the hackers published the stolen records on the dark web, making them accessible to anyone with knowledge of these hidden parts of the internet.
Experts warn that this kind of data leak can lead to a rise in personalized phishing emails. These are fake messages that appear real because they use personal information from the leaked data. Hackers can trick people into sharing passwords, bank details, or other sensitive information. Customers are advised to stay alert, check their accounts regularly, and report any suspicious activity immediately.
Company Response and Customer Support
After the attack in June, Qantas took steps to protect its customers. The company obtained a legal injunction from the NSW Supreme Court. This order is meant to prevent anyone from accessing, using, or sharing the stolen data.
Qantas is also offering 24/7 support and identity protection advice to affected customers. A dedicated support line is available for anyone worried about potential misuse of their personal information. Customers are encouraged to remain vigilant, watch for unusual emails, and monitor their accounts for suspicious activity.
Salesforce, which hosted the stolen data, has stated that the platform itself was not breached. The company emphasizes that it does not engage with ransom demands. Salesforce is working with external experts and authorities to ensure any affected customers receive support and guidance.
The breach highlights how connected systems and shared databases can become targets for cybercriminals. While no financial data was stolen, experts warn that personal information alone can fuel identity fraud and online scams. Users are advised to be cautious about any emails or messages that request personal information, even if they appear to come from legitimate companies.
The global scale of this attack, involving millions of records across dozens of companies, makes it one of the most significant cyber events in recent memory. It underscores the importance of cybersecurity and vigilance in an increasingly connected world.
