Qantas is among nearly 40 companies worldwide given until Friday to negotiate with hackers threatening to expose up to 1 billion personal records.
The group Scattered Lapsus$ Hunters reportedly posted the ransom demand on a dark web leaks site, warning that stolen data would be shared unless paid.
They claim to have obtained records from Salesforce databases belonging to 39 firms, including Toyota, Disney, McDonald’s, Puma, Cartier, Adidas, Qantas, Air France-KLM, Google Adsense, Chanel, and IKEA.
The cybercriminals insist both the affected companies and Salesforce contact them before 10 October regarding payment.
“Negotiate the ransom or all customer data will be leaked,” read the message to Salesforce, as seen by security sources.
The breach reportedly occurred between April 2024 and September 2025, compromising personal and contact details of customers and employees, including birthdates, purchase histories, and passport numbers.
Reports suggest airline customers' frequent flyer details were also accessed.
The hackers shared samples, including Qantas data following a prior attack in June that may have impacted 6 million customers.
A Qantas representative stated the airline remains focused on monitoring risks and assisting affected customers.
In July, Qantas secured a court order in New South Wales to block access, distribution, or publication of the stolen data.
“A dedicated support line and identity protection guidance remain available,” the spokesperson said.
Salesforce told CuriosityNews it refuses to negotiate with or pay extortionists.
The company said there is no evidence its systems were breached.
“We are aware of these threats, which experts and authorities investigated. Findings point to past or unverified incidents. We continue assisting impacted customers,” it stated.
Aiden Sinnott of Sophos noted Scattered Lapsus$ Hunters’ history of major leaks.
“Much of their activity involves misinformation, but they also release large datasets. If they possess Qantas data, a leak wouldn’t be surprising,” he said.
Google Threat Intelligence Group analysts suggest the hackers' credibility remains under scrutiny.
Read next
IEA set to urge unprecedented stockpile oil release to lower crude prices
The International Energy Agency is set to request the biggest drawdown of state oil reserves ever recorded, aiming to soothe the price surge sparked by the US‑Israeli strikes on Iran.
The global energy monitor is anticipated to urge its 32 members to free roughly 400 million barrels of emergency
How far could oil prices climb, and what could be the worldwide economic consequences?
Concerns about the world economy have intensified as oil prices have surged past $100 a barrel following the US‑Israel clash with Iran.
Economists warn that a growing chance of an extended war in the key energy‑exporting zone could severely affect living standards globally, reviving fears of a fresh
UK job market stalls as firms stay cautious on hiring
Data indicate that the UK labour market is struggling under weak recruitment demand, with only modest indications of improvement.
Two reports issued on Monday note that firms stay wary of taking on new employees because of cost pressures and economic uncertainty, underscoring the market’s continued fragility.
The monthly employment