A major cyberattack has exposed the personal data of 5.7 million Qantas customers, after hackers followed through on threats to release the information when ransom demands were ignored. While no credit card details were compromised, sensitive personal information is now circulating on the dark web.
The breach was carried out by the cybercrime collective known as Scattered Lapsus$ Hunters, who targeted Qantas in July as part of a wider global hack affecting around 40 companies linked to cloud software provider Salesforce. The group initially demanded a ransom, but after the deadline passed on Saturday, they released the stolen data online.
According to Qantas, for the majority of customers the stolen data was limited to names, email addresses, and frequent flyer details. However, for some, the breach extended to residential addresses, dates of birth, phone numbers, and gender information. The airline stressed that no credit card or financial details were impacted.
In a statement posted on their Telegram channel, the hackers lashed out at the Australian government, writing: “Change your laws, change your policies, change something, we will endlessly attack you till you eventually rewrite your own rules.” They also claimed to have the resources to continue such attacks and encouraged others to target Australian institutions.
The Australian government has reaffirmed its strict no-ransom policy, maintaining that it will not negotiate with cybercriminals or pay extortion demands. Officials argue that paying ransoms only emboldens attackers and increases the likelihood of future incidents.
Cybersecurity experts warn that the leaked data could be exploited for identity theft, phishing scams, and fraud, urging affected customers to remain vigilant, monitor their accounts, and be cautious of suspicious communications.
This breach underscores the growing threat of supply-chain cyberattacks, where vulnerabilities in third-party platforms like Salesforce can expose multiple global firms. With Australia already a frequent target of cybercrime, the Qantas incident highlights the urgent need for stronger corporate data protection measures and international cooperation to combat cyber threats.
+ There are no comments
Add yours