Table of Contents
Qantas has suffered a serious data breach after hackers leaked the personal information of 5 million customers on the dark web. This leakage happened after a ransom deadline set by the hacker group passed without payment. The airline is part of a larger global cyberattack affecting more than 40 companies and potentially exposing up to one billion customer records worldwide. Squaredtech examines the full scope of the Qantas data breach, its implications for customers, and the wider cybersecurity challenges that come with such large-scale incidents.
Details of the Qantas Data Breach and Hacker Demands
The hacker collective, known as Scattered Lapsus$ Hunters, gained unauthorized access to a Salesforce database in June 2025. This attack resulted in the theft of sensitive customer data from Qantas, including email addresses, phone numbers, birth dates, and frequent flyer numbers. Importantly, the leaked data did not contain credit card details, financial records, or passport information.
The hackers publicly released an extortion note on a dark web data leak site, demanding ransom payments in exchange for preventing the stolen information from being shared online. When the ransom deadline passed without compliance, they leaked the Qantas data alongside stolen information from approximately 40 other global companies.
Check Out Our Article of GrubHub Data Breach Exposes Customer and Driver Information Published on February 6th, 2025 SquaredTech
Jeremy Kirk, a cyber threat analyst at Intel 471, confirmed that alongside Qantas, companies such as Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas were also targeted. Kirk noted that Scattered Lapsus$ Hunters is a skilled threat group operating from countries including the United States, the United Kingdom, and Australia. According to him, this group has been active for some time and has developed expertise in exploiting how companies connect their various systems, making such breaches possible.
Impact on Customers and Qantas’ Response
Qantas responded to the incident by reaffirming its commitment to protecting affected customers. Following the breach, Qantas implemented a 24/7 support line offering specialist identity protection advice. The airline also increased security measures, system monitoring, and training across its teams to prevent future attacks.
In July, Qantas secured an ongoing injunction from the New South Wales Supreme Court. This legal order is designed to prevent unauthorized access, release, use, or distribution of the stolen data by any party, including third parties. Such protection is crucial to limit the damage caused by data leaks, although enforcement in the dark web environment can be challenging.
Squaredtech highlights that exposed personal data, even without financial details, can still pose significant risks. Cybercriminals can potentially use the leaked information to create personalized phishing attacks, tricking users into revealing or compromising financial accounts. There is also the risk of identity theft, as criminals might use leaked birth dates and contact information to fraudulently open financial products like credit cards.
Check Out Our Article of Tea App Data Breach Exposes 13,000 Women’s Photos and IDs to 4chan Hackers Published on July 26th, 2025 SquaredTech
Customers affected by the Qantas breach should closely monitor their bank and credit card statements for unusual activity. Experts advise heightened caution regarding emails or messages requesting sensitive information, given the rise in targeted phishing campaigns made possible by such breaches.
Broader Cybersecurity Context and Salesforce’s Position
The stolen data from this hack spans a period between April 2024 and September 2025 and includes personal and contact data for customers and employees of all affected companies. This dataset reportedly consists of birth dates, purchase histories, and passport numbers, increasing the severity of the breach.
Salesforce addressed the incident by clarifying that its platform itself was not compromised. A spokesperson emphasized that Salesforce will not engage, negotiate with, or pay any ransom demands. The company confirmed collaboration with external cybersecurity experts and authorities to investigate extortion attempts. Its findings suggest the extortion relates to past or unverified incidents, and they continue to provide support to customers impacted by these events.
Squaredtech stresses the importance of this distinction. While the stolen data was gathered from databases hosted on or managed through Salesforce, the platform’s security systems were not directly breached in this case. Instead, the attack exploited vulnerabilities in how the client companies themselves configured or connected their systems, underlining the need for comprehensive security management beyond the cloud provider’s infrastructure.
What this Breach Teaches About Cybersecurity Risks
The Qantas data breach exemplifies the high risk companies face when managing vast amounts of sensitive information that spans multiple integrated systems. Hacker groups like Scattered Lapsus$ Hunters exploit these integration paths to infiltrate databases and steal large troves of data.
Jeremy Kirk underscored the devastating impact such breaches have. “No company wants to see hundreds of thousands or millions of records of their customers just on the internet,” he said. The reputational damage to companies and the personal harm to individuals exposed in these leaks are very real and enduring.
Squaredtech advises that companies must continuously improve cybersecurity defenses, including multi-factor authentication, robust system segmentation, and employee training on cyber risks. Equally, affected customers should exercise vigilance by protecting their personal information and recognizing signs of fraud or phishing.
Looking Ahead: Vigilance and Support Remain Critical
Qantas is currently investigating the full extent of the data leaked and assessing the impact. The airline has stated it is working with cybersecurity experts to understand the data exposure and strengthen defenses. They have also increased internal training and system monitoring since the initial cyber attack in June.
The situation serves as a stark reminder of today’s cybersecurity threat landscape. As hacker groups become more skilled and organized, the consequences of a breach can be far-reaching. Collaboration between companies, cloud providers, law enforcement, and customers is essential to limit the effects of such incidents and prepare better responses in the future.
Squaredtech will continue monitoring developments related to the Qantas breach and global cybersecurity trends. We encourage users to stay informed and attend to their data privacy while pushing companies to maintain transparency and effective protection strategies.
Stay Updated: Tech News
