Qantas Customer Data Confirmed Leaked on Dark Web After Cyber Attack

A cybersecurity expert has confirmed that the personal data of Qantas customers has been leaked on the dark web following a major cyber-attack earlier this year. Up to six million records were exposed, including names, emails, phone numbers, birth dates, and frequent flyer details.

The breach stemmed from a July cyber-attack on a third-party platform used by Qantas, which was part of a wider campaign targeting global companies linked to cloud software giant Salesforce. The cybercrime group known as Scattered Lapsus$ Hunters had threatened to release stolen data from around 40 firms including Disney, Google, IKEA, Toyota, Air France, and KLM unless a ransom was paid.

The hackers reportedly gave Salesforce a deadline of 3 p.m. AEDT on Saturday to meet their demands. When the ransom was not paid, portions of the stolen data began appearing on the dark web.

Australian cybersecurity expert Troy Hunt, founder of Have I Been Pwned, confirmed that Qantas customer data was among the leaked files. While speaking to the media, Hunt received a message from a friend overseas who believed they had found his personal details in the breach. After sharing the last two digits of his frequent flyer number, Hunt quickly received confirmation that his unique Qantas-linked email address was indeed part of the leak.

Hunt noted that the hackers had not yet released data from all the companies involved. “They’ve only released six at this point in time,” he said, adding that the group’s communication had been erratic and unpredictable, with repeated threats that “everything was going to be leaked.”

The incident highlights the growing risks posed by large-scale cybercrime syndicates targeting global supply chains. For Qantas customers, the exposure of sensitive personal information raises concerns about identity theft, phishing scams, and fraud.

Qantas has previously stated that it is working with authorities and cybersecurity experts to investigate the breach and provide support to affected customers. However, the confirmation of leaked data on the dark web underscores the seriousness of the attack and the challenges of protecting customer information in an increasingly hostile digital environment.