Hackers leak Qantas data containing 5 million customer records after ransom deadline passes | Qantas

Hackers leaked the personal records of five million Qantas customers on the dark web on Saturday afternoon after a ransom deadline set by cybercriminals expired.

The company is one of more than 40 firms worldwide caught in the hack, which reportedly contained up to 1 billion customer records.

Hacker community Scattered Lapsus$ Hunters posted an extortion note on a data leak site on the dark web last week, demanding payment in exchange for preventing the stolen data from being shared.

Qantas data stolen from its Salesforce database in a major cyber attack in June included customers’ email addresses, phone numbers, dates of birth and frequent flyer numbers. It did not contain credit card information, financial information or passport information.

On Saturday the group leaked the data and wrote: “Don’t be the next headline, you should have paid the ransom.”

_{Sign up: AÜ Breaking News email}

A Qantas spokesperson previously told Guardian Australia their priority after the June attack was “to provide continued vigilance and ongoing support to our customers”.

“We continue to offer affected customers a 24/7 support line and expert identity protection advice,” the spokesperson said.

A Salesforce spokesperson told Guardian Australia the company “will not engage, negotiate or pay any extortion claims”.

The company said in its statement that there is no indication that the Salesforce platform has been compromised.

“We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate that these attempts are related to historical or unsubstantiated events, and we continue to communicate with affected customers to provide support,” the statement said.

Jeremy Kirk, editor-in-chief of Cyber ​​Threat Intelligence, said 44 companies were involved in the leak, including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea and Adidas.

He said the hacker group is well-known and operates in countries such as the US, UK and Australia.

“This particular group is not a new threat; they have been around for a while,” Kirk said. “But they are very skilled at knowing how companies connect different systems together.”

The global data is understood to have been stolen between April 2024 and September 2025 and contained personal and contact information of the companies’ customers and employees, including birth dates, purchase histories and passport numbers.

“No company wants to see hundreds of thousands or millions of records of its customers just on the Internet,” Kirk said. “This is very bad. It’s very bad for the companies. It’s very bad for the people affected.”

In July, Qantas won an ongoing injunction from the NSW supreme court, providing protection to prevent stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including third parties.

There is no financial data, but criminals could use the leaked personal information to unlock credit cards, Kirk said. He said people should monitor their accounts for suspicious activity and be wary of personalized scam emails.

“Many threat actors these days are now creating personalized phishing emails,” he said. “They’re getting better at it, and these types of violations help kind of fuel this economy, the underground fraud economy.”

Qantas has been contacted for comment.