Australian airline Qantas has confirmed that personal data belonging to 5.7 million customers has been leaked online following a major cyberattack that also impacted several global corporations, including Disney, Google, IKEA, Toyota, McDonald’s, Air France, and KLM.
The breach stems from a ransomware attack on software giant Salesforce, whose systems were infiltrated by hackers linked to the cybercriminal group Scattered Lapsus$ Hunters, according to cybersecurity researchers. The attackers reportedly set an October 10 deadline for ransom payment before releasing the stolen data on the dark web over the weekend.
Sensitive Customer Data Exposed
Qantas said the compromised information includes names, email addresses, phone numbers, and dates of birth, though credit card details and passport numbers were not affected. The breach occurred in early July, targeting a third-party customer contact centre platform operated through Salesforce.
“Qantas is one of a number of companies globally that has had data released by cybercriminals following the airline’s cyber incident in early July,” the airline said in a statement.
The company added that it is working with cybersecurity specialists and Australian authorities to determine the extent of the leak and has obtained a Supreme Court of New South Wales injunction to block further access or publication of the stolen data.
Global Impact and Investigation
Salesforce acknowledged “recent extortion attempts by threat actors” earlier this month but has not released details about the scale of the breach. Cybersecurity analysts believe the attack was part of a coordinated campaign in which hackers used social engineering techniques — posing as IT workers or trusted representatives — to gain access to sensitive databases.
The FBI recently warned companies about similar tactics targeting Salesforce users, where hackers manipulated customer support staff into granting system access.
Other major companies — including Vietnam Airlines, Gap, and Fujifilm — were also affected, with customer data reportedly circulating on the dark web.
A Pattern of Cyber Vulnerability
This latest breach adds to growing concerns over Australia’s cyber resilience. In recent years, the country has suffered a string of high-profile attacks, including the DP World port shutdown that disrupted 40% of national freight operations and the Medibank hack in 2022 that exposed data from over nine million health insurance customers.
Qantas, which also faced a mobile app data glitch last year, apologised to affected passengers and reiterated its commitment to strengthening data protection measures.
“We recognise this incident has caused concern and inconvenience for our customers. Protecting personal information remains our top priority,” the airline stated.
As authorities continue to investigate, experts warn that the Salesforce breach highlights the rising global threat of third-party cybersecurity vulnerabilities — and the urgent need for stronger digital defences across industries.
