-
- |
-
Hackers Leak 5 Million Qantas Customer Records on Dark Web After Ransom Deadline Passes
Hackers Leak 5 Million Qantas Customer Records on Dark Web After Ransom Deadline Passes
A group of hackers claims to have leaked the personal data belonging to 5 milion customers of the airline Qantas on the dark web. This action was taken after the ransom payment deadline set by the cybercriminals expired.
Qantas is one of more than 40 global companies caught up in this massive hack, which reportedly contains a total of up to 1 billion customer records from various firms.
The hacker collective calling itslef "Scattered Lapsus$ Hunters" released an extortion note on a data leak site on the dark web last week. They demanded payment in exchange for not disseminating the stolen data.
On Saturday, October 11, 2025, the group marked the Qantas data as "leaked", accompanied by the message: "Don't be the next headline, should have paid the random."
What Data Was Exposed?
The stolen Qantas data, which originated from a Salesforce database during a major cyber-attack in June, includes sensitive customer information such as:
- Email addresses
- Phone numbers
- Dates of birht
- Frequent flyer numbers
The airline confirmed that the leaked data does not include credit card details, financial information, or passport details.
Not Just Qantas
According to Jeremy Kirk, an analyst at the cyber-threat intelligence company Intel 471, a total of 44 companies have been included in this leak list. Besides Qantas, other major names include Gap, Vietnam, Airlines, Toyota, Disney, McDonald's, Ikea, and Adidas.
Kirk noted that this hacker group is well-known and operates from various countries, including the US, UK, and Australia. "This particular group is not a new threat, they've been around for some time", Kirk said. "But they're very skilled in knowing how compnies have connected different systems togethers."
The other global data is understood to have been stolen between April 2024 and September 2025, covering the personal information of customers and employees.
Company Responses and Customer Risks
A Qantas spokesperson previously told Guardian Australia that their priorities were "continued vigilance and providing ongoing support for our customers" following the June attack. Qantas continues to offer a 24/7 support line and specialist identity protection advice to affected customers.
Meanwhile, a Salesforce spokesperson stated that the company "will not engage, negotiate with, or pay any extortion demand". Salesforce added that there was no indication their platform had been compromised.
Experts warn that even through no financial data was leaked, criminals can use the leaked personal information to conduct more sophisticated fraud.
"These days, a lot of threat groups are now generating personalized phising emails", Kirk said. "They're getting beeter and beeter at this, and these types of breaches help sort of fuel that economy, that underground frudster economy".
Affected customers are urged to be extremely vigilant of scam emails that appear highly personalized and to continually monitor their accounts for suspicious activity.
Source: https://www.theguardian.com/business/2025/oct/11/hackers-leak-qantas-data-containing-5-million-customer-records-after-ransom-deadline-passes#:~:text=Cait%20Kelly,McDonald's%2C%20Ikea%2C%20and%20Adidas.
Popular article
Need Any Technology Solution
Let’s Work Together on Project
