Hacker collective Scattered Lapsus$ Hunters has leaked the personal records of approximately 5 million Qantas customers on the dark web after a ransom deadline expired. The airline is among more than 40 companies affected by a larger breach that reportedly involves up to 1 billion customer records.
The leaked data, stolen from a Salesforce database in June, includes email addresses, phone numbers, birth dates, and frequent flyer numbers. It does not contain credit card details, financial information, or passport numbers. The group marked the data as 'leaked' on Saturday, stating: 'Don’t be the next headline, should have paid the ransom.'
Jeremy Kirk, an analyst at cyber threat intelligence firm Intel 471, confirmed that 44 companies were included in the leak, including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas. He noted that the group is well known and operates from countries such as the US, UK, and Australia.
Qantas previously obtained an ongoing injunction from the NSW Supreme Court in July to prevent the stolen data from being accessed or published. A Qantas spokesperson said the airline continues to offer a 24/7 support line and specialist identity protection advice to affected customers.
Salesforce stated it would not engage with or pay any extortion demands, adding that there was no indication its platform had been compromised. The company said it had investigated the extortion attempts in partnership with external experts and authorities.
Kirk warned that while no financial data was leaked, criminals could use the information to open credit cards or generate personalised phishing emails. He advised customers to monitor their accounts for suspicious activity and be cautious of scam emails.
