Newsletters
Australian airline Qantas said Sunday that data belonging to 5.7 million customers stolen in a major cyberattack earlier this year had been shared online, in a breach that has also affected several global companies.
The leak is part of a wider ransomware campaign targeting software giant Salesforce, which has also impacted Disney, Google, IKEA, Toyota, McDonald’s, and fellow airlines Air France and KLM, according to cybersecurity analysts.
Salesforce said earlier this month it was “aware of recent extortion attempts by threat actors.”
Qantas confirmed in July that hackers had targeted one of its customer contact centers, breaching a third-party computer system later identified as Salesforce.
The attackers accessed sensitive customer information, including names, email addresses, phone numbers, and birthdays, the airline said. However, credit card details and passport numbers were not stored in the compromised system.
“No further breaches have taken place since,” Qantas said, adding that it is cooperating with Australian cybersecurity agencies.
“Qantas is one of several companies globally that have had data released by cybercriminals following the airline’s cyber incident in early July, where customer data was stolen via a third-party platform,” the company said in a statement.
“With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” it added.
Qantas said it had obtained a legal injunction from the Supreme Court of New South Wales to prevent the stolen data from being “accessed, viewed, released, used, transmitted or published by anyone, including third parties.”
Cybersecurity analysts linked the hack to individuals connected to a cybercriminal alliance known as Scattered Lapsus$ Hunters.
Research firm Unit 42 said the group had “asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom.”
The hackers had reportedly set an Oct. 10 deadline for ransom payment.
Threat intelligence platform FalconFeeds said on X that Qantas customer data had been posted on the dark web over the weekend.
Other victims reportedly include Vietnam Airlines, clothing retailer Gap, and Japanese conglomerate Fujifilm, FalconFeeds said.
Experts said the hackers stole data using social engineering tactics, manipulating employees by impersonating company representatives or trusted IT personnel.
The FBI last month warned about similar attacks targeting Salesforce, saying hackers posing as IT staff had tricked customer support workers into granting access to sensitive systems.
The breach is the latest in a series of high-profile cyberattacks that have exposed vulnerabilities in Australia’s data protection systems.
Qantas faced criticism last year after a mobile app glitch exposed passengers’ names and travel details.
In 2023, hackers shut down major ports handling 40% of Australia’s freight trade after infiltrating computers belonging to logistics operator DP World.
In 2022, Russia-based hackers breached Medibank, one of Australia’s largest private health insurers, compromising the personal data of more than nine million customers.
1 min read
2 min read
