Cyber Crooks Release Qantas Data Onto Dark Web

Cybercriminals have publicly released personal data belonging to millions of Qantas customers following a ransom deadline earlier this month.

The leak, attributed to the hacker collective Scattered Lapsus$ Hunters, involves the release of the records of 5.7 million customers that include names, dates of birth, email addresses, phone numbers and frequent flyer information.

The group had demanded payment from Qantas — or by extension Salesforce, whose customer database was reportedly used — by October 11, and threatened mass publication if the ransom was not met.

Australia’s national airline was one of 40 companies allegedly targeted by the group, including Toyota, Disney and IKEA.

A statement allegedly from the hackers claimed that if Salesforce did not pay the ransom, it would result in “massive consequences”.

Qantas confirmed that the compromised data stems from a breach the airline detected in July 2025, when attackers accessed a third-party contact centre platform used by the carrier.

The airline says that no passport information, credit card numbers, or login credentials were exposed.

In response, Qantas obtained a court injunction aiming to limit further spread of the stolen data and is working with cybersecurity firms and government agencies to investigate the breach.

Cybersecurity experts warn that the leaked data could fuel a surge in phishing attacks, identity fraud and social engineering scams targeting affected customers.

Meanwhile, Qantas has urged customers to remain vigilant and is offering identity protection support lines.

This incident follows Australia’s growing series of high-profile breaches in recent years, putting renewed pressure on companies and regulators to bolster cyber resilience and data protections.