Hackers Leak Personal Data of 5 Million Qantas Customers on Dark Web
A cybercriminal group has released personal records of 5 million Qantas customers on the dark web after the airline did not meet their ransom demand.
The breach is part of a larger global incident affecting over 40 companies, with reports suggesting up to 1 billion customer records may have been exposed.
The group, known as Scattered Lapsus$ Hunters, posted an extortion message on a dark web data leaks site last week, threatening to release stolen information unless paid. The Qantas data, taken from a Salesforce database during a June cyberattack, included email addresses, phone numbers, birth dates, and frequent flyer numbers. No financial or passport details were compromised.
On Saturday, the hackers labeled the data as “leaked” and warned: “Don’t be the next headline, should have paid the ransom.”
Jeremy Kirk, an executive editor specializing in cybersecurity threats, confirmed that 44 companies were impacted, including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas. He noted the group has operated for some time and is known for targeting interconnected corporate systems.
A Qantas representative stated that the airline remains focused on monitoring the situation and assisting affected customers. “We continue to provide a 24/7 support line and identity protection guidance,” the spokesperson said.
Salesforce, meanwhile, denied any compromise of its platform and stated it would not comply with extortion demands. “Our investigation, conducted with external experts, found these threats relate to past or unverified incidents. We are working with affected customers,” the company said.
The stolen global data, obtained between April 2024 and September 2025, includes personal and contact details of customers and employees, such as birth dates, purchase histories, and passport numbers.
“No company wants to see millions of customer records exposed online,” Kirk remarked. “It’s harmful for businesses and the individuals involved.”
In July, Qantas secured a court order from the NSW Supreme Court to block further distribution or misuse of the stolen data. While no financial details were leaked, experts warn that exposed personal information could still be exploited for fraud.
Read next
Ryanair plane had only six minutes of fuel upon Manchester landing, records show
Flight Narrowly Avoids Disaster After Storm Diversion
An inquiry has been launched after a Ryanair flight, struggling against severe winds during storm Amy last week, landed at Manchester Airport with only six minutes’ worth of fuel remaining.
The aircraft had been transporting passengers from Pisa, Italy, to Prestwick, Scotland, on
Investors flee record-high UK stocks as EU set to hike steel tariffs
Investors Withdraw Record Sums from Equity Funds Amid High Market Valuations
Data reveals that investors in the UK have withdrawn an unprecedented amount of money from equity funds over the past three months, driven by concerns over soaring stock market valuations.
According to the latest figures from Calastone, the largest
"Intrepid Travel abandons carbon offset and emission reduction goals"
Intrepid Shifts Climate Strategy, Drops Carbon Offsets
One of the travel sector’s most environmentally conscious operators, Intrepid, has decided to end its carbon offset program and abandon existing emissions targets, deeming them unattainable.
The Australia-based global tour company announced it will instead allocate A$2 million (£980,000) annually