Qantas is among nearly 40 companies worldwide given until Friday to negotiate with hackers threatening to expose up to 1 billion personal records.
The group Scattered Lapsus$ Hunters reportedly posted the ransom demand on a dark web leaks site, warning that stolen data would be shared unless paid.
They claim to have obtained records from Salesforce databases belonging to 39 firms, including Toyota, Disney, McDonald’s, Puma, Cartier, Adidas, Qantas, Air France-KLM, Google Adsense, Chanel, and IKEA.
The cybercriminals insist both the affected companies and Salesforce contact them before 10 October regarding payment.
“Negotiate the ransom or all customer data will be leaked,” read the message to Salesforce, as seen by security sources.
The breach reportedly occurred between April 2024 and September 2025, compromising personal and contact details of customers and employees, including birthdates, purchase histories, and passport numbers.
Reports suggest airline customers' frequent flyer details were also accessed.
The hackers shared samples, including Qantas data following a prior attack in June that may have impacted 6 million customers.
A Qantas representative stated the airline remains focused on monitoring risks and assisting affected customers.
In July, Qantas secured a court order in New South Wales to block access, distribution, or publication of the stolen data.
“A dedicated support line and identity protection guidance remain available,” the spokesperson said.
Salesforce told CuriosityNews it refuses to negotiate with or pay extortionists.
The company said there is no evidence its systems were breached.
“We are aware of these threats, which experts and authorities investigated. Findings point to past or unverified incidents. We continue assisting impacted customers,” it stated.
Aiden Sinnott of Sophos noted Scattered Lapsus$ Hunters’ history of major leaks.
“Much of their activity involves misinformation, but they also release large datasets. If they possess Qantas data, a leak wouldn’t be surprising,” he said.
Google Threat Intelligence Group analysts suggest the hackers' credibility remains under scrutiny.
Read next
Ryanair plane had only six minutes of fuel upon Manchester landing, records show
Flight Narrowly Avoids Disaster After Storm Diversion
An inquiry has been launched after a Ryanair flight, struggling against severe winds during storm Amy last week, landed at Manchester Airport with only six minutes’ worth of fuel remaining.
The aircraft had been transporting passengers from Pisa, Italy, to Prestwick, Scotland, on
"Qantas customer data for 5 million exposed as hackers release info post-ransom deadline"
Hackers Leak Personal Data of 5 Million Qantas Customers on Dark Web
A cybercriminal group has released personal records of 5 million Qantas customers on the dark web after the airline did not meet their ransom demand.
The breach is part of a larger global incident affecting over 40 companies,
Investors flee record-high UK stocks as EU set to hike steel tariffs
Investors Withdraw Record Sums from Equity Funds Amid High Market Valuations
Data reveals that investors in the UK have withdrawn an unprecedented amount of money from equity funds over the past three months, driven by concerns over soaring stock market valuations.
According to the latest figures from Calastone, the largest