Australian airline Qantas has confirmed that personal data from 5.7 million customers was leaked online following a global cyberattack targeting software firm Salesforce. The breach, part of a larger ransomware incident, has also impacted major companies such as Disney, Google, IKEA, Toyota, McDonald’s, Air France, and KLM.
In a statement released on Sunday, Qantas said hackers accessed a third-party system used by one of its customer contact centres—later identified as Salesforce. The compromised data includes customer names, email addresses, phone numbers, and dates of birth. However, Qantas assured customers that credit card details and passport numbers were not stored in the affected system.
The airline stated that it has taken immediate legal and security measures, including obtaining a Supreme Court injunction in New South Wales to prevent the stolen data from being accessed, shared, or published. “With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” Qantas said.
Cybersecurity analysts have linked the breach to a criminal group known as the Scattered Lapsus$ Hunters, believed to have launched coordinated attacks on Salesforce systems. According to research firm Unit 42, the group had demanded ransom payments by October 10. Data from affected companies, including Vietnam Airlines, Gap, and Fujifilm, has since appeared on the dark web, according to the platform FalconFeeds.
Experts say the hackers used social engineering a technique involving deception to trick company employees into granting access to systems. The FBI recently warned that such tactics are increasingly being used to target Salesforce clients.
The Qantas breach adds to a growing list of cyber incidents in Australia, raising fresh concerns over data privacy and digital security. The airline, which faced a data exposure glitch last year, has apologized to its customers and pledged full cooperation with Australian cybersecurity authorities.
