Qantas is among nearly 40 companies worldwide given until Friday to negotiate with hackers threatening to expose up to 1 billion personal records.
The group Scattered Lapsus$ Hunters reportedly posted the ransom demand on a dark web leaks site, warning that stolen data would be shared unless paid.
They claim to have obtained records from Salesforce databases belonging to 39 firms, including Toyota, Disney, McDonald’s, Puma, Cartier, Adidas, Qantas, Air France-KLM, Google Adsense, Chanel, and IKEA.
The cybercriminals insist both the affected companies and Salesforce contact them before 10 October regarding payment.
“Negotiate the ransom or all customer data will be leaked,” read the message to Salesforce, as seen by security sources.
The breach reportedly occurred between April 2024 and September 2025, compromising personal and contact details of customers and employees, including birthdates, purchase histories, and passport numbers.
Reports suggest airline customers' frequent flyer details were also accessed.
The hackers shared samples, including Qantas data following a prior attack in June that may have impacted 6 million customers.
A Qantas representative stated the airline remains focused on monitoring risks and assisting affected customers.
In July, Qantas secured a court order in New South Wales to block access, distribution, or publication of the stolen data.
“A dedicated support line and identity protection guidance remain available,” the spokesperson said.
Salesforce told CuriosityNews it refuses to negotiate with or pay extortionists.
The company said there is no evidence its systems were breached.
“We are aware of these threats, which experts and authorities investigated. Findings point to past or unverified incidents. We continue assisting impacted customers,” it stated.
Aiden Sinnott of Sophos noted Scattered Lapsus$ Hunters’ history of major leaks.
“Much of their activity involves misinformation, but they also release large datasets. If they possess Qantas data, a leak wouldn’t be surprising,” he said.
Google Threat Intelligence Group analysts suggest the hackers' credibility remains under scrutiny.
Read next
Abuse survivors of Mohamed Al Fayed demand investigation into human trafficking
Survivors of abuse by former Harrods owner Mohamed Al Fayed are demanding a comprehensive investigation into human trafficking, asserting that such an inquiry is necessary to uncover the full extent of the billionaire’s alleged network.
The collective No One Above (NOA), established by victims of Fayed, is urging the
Climate activists criticize Shell for profiting from Iran conflict windfall
Shell announced stronger‑than‑anticipated earnings of $6.9 billion (£5 billion) after its oil‑trading arm profited from surging energy prices amid the Iran conflict, drawing criticism from climate activists.
Rising oil and gas prices during the Middle East turmoil enabled Europe’s largest oil and gas producer to
Jet Fuel Shortage Could Ground Travel, Reshape Vacations and History
What would happen to flights if the world exhausted its oil supply? Clearly, they would be grounded. More pointedly, could airlines simply run out of aviation fuel if the Iran conflict persists and the Strait of Hormuz stays closed?
This question has never arisen before. Air travel has faced unexpected