Hacker collective Scattered Lapsus$ Hunters has issued an extortion note to nearly 40 global companies, including Qantas, demanding ransom by Friday to prevent the leak of up to 1 billion personal data records. The note, posted on a dark web leaks site over the weekend, threatens to expose stolen data from Salesforce databases of companies such as Toyota, Disney, McDonald’s, and Air France-KLM.
The hackers claim to have stolen records between April 2024 and September 2025, including personal and contact information of customers and employees, such as dates of birth, purchase histories, and passport numbers. For airlines, frequent flyer numbers were also allegedly taken. The extortion note demands both the victim companies and Salesforce contact them by 10 October to negotiate payment.
Qantas was previously hit by a major cyber-attack in June, potentially exposing up to 6 million customers' data, though no credit card or passport details were compromised. The airline obtained an ongoing injunction from the NSW Supreme Court in July to prevent the data from being accessed or published. A Qantas spokesperson said the company continues to offer a 24/7 support line and identity protection advice to affected customers.
Salesforce stated it would not engage with or pay any extortion demand, adding that there was no indication its platform had been compromised. The company said its findings suggest the threats relate to past or unsubstantiated incidents. Security researcher Aiden Sinnott of Sophos noted that Scattered Lapsus$ Hunters has a history of large data leaks and often posts intentional misinformation, making it difficult to predict their next move.



