Qantas Customer Data Leaked on Dark Web: Millions Affected by Hackers

The private information of millions of Qantas customers has recently surfaced on the dark web after hackers made good on threats issued last week.

On October 11, 2025, the cyber extortion group, Scattered Lapsus$ Hunters, took to social media to confirm that details of Qantas frequent flyers had been “leaked” after the company declined to pay a ransom.

The breach includes personal data of 5.7 million Qantas customers, such as names, email addresses, and frequent flyer numbers. In some cases, the stolen information also encompasses home addresses, birth dates, and phone numbers.

Qantas was not alone in experiencing this cyberattack; other firms affected included Disney, Vietnam Airlines, Ikea, and McDonald’s. The hackers managed to infiltrate Salesforce for sensitive information.

On July 2, 2025, Qantas disclosed that a call center had fallen victim to a targeted attack, enabling unauthorized access to a third-party customer service platform.

The airline reported that unusual activity was detected on July 1, prompting immediate cyber defense measures to contain the intrusion.

In a bold message on social media, Scattered Lapsus$ Hunters admonished authorities, stating, “Change your laws, change your policies, change something; we will endlessly attack you until you eventually rewrite your own rules.”

The Australian government has firmly maintained its stance against negotiating with hackers or paying ransoms.

In a statement to The Guardian, Salesforce addressed the issue, saying: “We are aware of recent extortion attempts by threat actors, which we have investigated in collaboration with external experts and authorities. Our findings suggest these attempts are linked to past or unsubstantiated incidents, and we continue to engage with affected customers to offer support.”

How do you think organizations can better protect customer data in the face of such threats?