A major Qantas data breach reportedly resulted in the exposure of sensitive information belonging to tens of thousands of government officials across Australia and its key international allies. The incident, which allegedly stemmed from a compromise of a third-party Salesforce environment, has highlighted significant supply chain vulnerabilities.
Analysis of the leaked data allegedly confirms the exposure of 57,115 government-related records extracted from the larger Qantas leak, underscoring the far-reaching consequences of the initial security incident.
The exposed dataset, approximately 164 GB in size, reportedly contained more than 51,000 unique government email addresses (51,570 matches by domain).
The scope of the government records exposed appears to be substantial, affecting personnel from key allied nations. Reports say among the compromised data are contacts from:
The clearnet domain of BreachForums was recently seized, but the admins, who reports say are members of the ShinyHunters group, publicly announced their intention to release the Salesforce data leak. Qantas Airways customer data was released on the dark web on Saturday.
The threat actor group known as Scattered LAPSUS$ Hunters (actors from Scattered Spider, LAPSUS$, and ShinyHunters) has been linked to the attack. This group successfully infiltrated a Salesforce platform used by a Qantas vendor, leading to the mass data exfiltration.
The use of a widely adopted CRM platform like Salesforce as an attack vector presents a critical security challenge for organizations worldwide.
The leaked information allegedly includes not only email addresses but also other organizational details, posing a risk of follow-on espionage, phishing campaigns, and other malicious activities targeting government employees.
This international incident raises serious questions about data security protocols within government supply chains.
The recent wave of Salesforce-related breaches was attributed to Scattered Spider (UNC3944) and ShinyHunters (UNC6040) and impacted Google, Cisco, Air France-KLM Group, and others.
The threat group Crimson Collective declared October 5, 2025, a “National Cybercrime Day” linked to the Scattered LAPSUS$ Hunters alias that claimed a massive data breach at Red Hat.