Qantas Customer Data Was Published After the July Cyber Breach, Impacting 5 Million People
Published on October 13, 2025
- Data published: Cybercriminals have published customer data on the dark web, stolen from Qantas during a third-party platform breach in July 2025.
- Breach scale: The incident impacted over five million customers, exposing details like names, frequent flyer numbers, and in some cases, addresses and birth dates.
- Attribution: Scattered Lapsus$ Hunters has reportedly claimed responsibility for the data release after a ransom payment deadline passed.
Qantas Airways has confirmed that customer data from over 5 million people was released on the dark web on Saturday, following a cybersecurity incident in July that resulted in the theft of this information.
Scale and Scope of the Qantas Data Breach
The initial Qantas data breach in July was one of Australia's most high-profile cyberattacks. The airline has since confirmed that the customer data leak affected over 5 million customers, according to The Guardian.
While the type of data varied, exposed information included customer names, email addresses, and frequent flyer numbers.
For over one million customers, more sensitive details were compromised, such as phone numbers, home addresses, and dates of birth. However, Qantas has stated that no identity documents, financial details, or account passwords were part of the leak.
Airline's Response and Attributed Group
In response to the dark web release, Qantas successfully sought an injunction from the NSW Supreme Court to prevent the stolen data from being further accessed, transmitted, or published.
While the airline declined to comment on the attribution, reports indicate the hacker group Scattered Lapsus$ Hunters, which unites members of Scattered Spider, Lapsus$, and ShinyHunters, is responsible for the release, allegedly acting after a ransom demand was not met.
The airline stated it was one of more than 40 global companies whose data was published following breaches originating from a third-party platform's compromise. When BreachForums was seized, the ShinyHunters group publicly announced its intention to release the stolen Salesforce data at 11:59 PM New York time on October 10, 2025.
Qantas is advising customers to be cautious of potential scams and has provided a support hotline for those affected.
This development escalates the incident from data theft to public exposure, occurring months after the initial attack. The airline is actively investigating the specifics of the released data set with the assistance of cybersecurity specialists.
These attacks appear linked to a broader campaign targeting Salesforce-connected systems, leveraging social engineering via voice phishing (vishing) and malicious connected app authorization—especially trojanized versions of Salesforce’s Data Loader tool.
The recent wave of Salesforce-related breaches was attributed to Scattered Spider (UNC3944) and ShinyHunters (UNC6040). Other high-profile companies that have been impacted include Google, Cisco, Air France-KLM Group, Adidas, Chanel, and Louis Vuitton.
Crimson Collective declared October 5, 2025, as a “National Cybercrime Day” in connection with a BreachForums post under the Scattered LAPSUS$ Hunters alias that claimed a massive data breach at Red Hat.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular