
Hackers have leaked the personal data of 5 million Qantas customers on the dark web after the airline failed to meet a ransom deadline. The cybercriminal collective Scattered Lapsus$ Hunters claimed responsibility, targeting Qantas and over 40 global companies in one of the largest coordinated data extortion campaigns this year. The breach, tied to a Salesforce database attack, has sent shockwaves through the corporate world as investigators scramble to assess the full impact.
Hackers Release Massive Data Trove
The hacker group Scattered Lapsus$ Hunters published the stolen data on a dark web leaks site on Saturday, marking the Qantas files as “leaked.” The group had issued an extortion note demanding payment in exchange for withholding the data. When the ransom went unpaid, the hackers taunted, “Don’t be the next headline, you should have paid the ransom.” Experts believe the group may have accessed up to one billion customer records globally, targeting companies including Qantas, Toyota, Disney, and Adidas.
Global Cybercrime Campaign Unfolds
According to Jeremy Kirk, executive editor of Cyber Threat Intelligence, 44 companies have been affected by the attack. He identified major victims such as Gap, Vietnam Airlines, McDonald’s, and Ikea. “This particular group is not a new threat; they’ve been around for some time,” Kirk said. “But they’re very skilled in knowing how companies have connected different systems together.” Investigations suggest that the attackers operate from multiple countries, including the United States, the United Kingdom, and Australia.
Qantas Confirms Data Theft
The stolen Qantas data originated from a Salesforce database compromised in a major cyberattack in June. It included customers’ email addresses, phone numbers, birth dates, and frequent flyer numbers, but did not contain financial or passport information. A Qantas spokesperson stated the airline’s top priorities were “continued vigilance and providing ongoing support for our customers.” The company said it had maintained a 24/7 support line and offered identity protection advice to affected clients.
Salesforce Denies Platform Breach
Salesforce, the platform provider implicated in the breach, rejected suggestions that its systems had been compromised. In a statement, a Salesforce spokesperson said, “We will not engage, negotiate with, or pay any extortion demand.” The company said it had investigated “recent extortion attempts by threat actors” and found no evidence of a direct compromise. “Our findings indicate these attempts relate to past or unsubstantiated incidents,” the statement added, emphasizing continued cooperation with external experts and authorities.
Legal Battle Over Data Protection
In July, Qantas secured an injunction from the New South Wales Supreme Court to prevent the stolen data from being accessed, used, or published by any party. The injunction remains in effect, but experts say enforcement against anonymous hackers remains challenging. Legal analysts note that while such orders provide a layer of protection, they cannot fully prevent the data’s misuse once it circulates on the dark web.
Experts Warn of Identity Risks
Although no credit card details were exposed, cybersecurity experts warn that the leaked personal information could be used for fraud. Kirk cautioned that criminals might exploit the data to open accounts or issue credit cards under victims’ names. “People should monitor their accounts for suspicious activity, and beware of scam emails that are personalised,” he said. He further warned that “these types of breaches help fuel that underground fraudster economy.”
Massive Timeline of Compromise
Investigations suggest the global data theft spanned from April 2024 to September 2025, covering both customer and employee records from dozens of multinational firms. The leaked datasets reportedly include names, contact details, purchase histories, and passport numbers. Experts say the incident highlights the growing danger of interconnected cloud systems and how a single breach can ripple across industries worldwide.
