Australian airline Qantas has confirmed that the personal data of 5.7 million customers has appeared online following a major cyberattack earlier this year.
The data breach is part of a wider hack that affected dozens of international companies. Among the organizations affected are Disney, Google, IKEA, Toyota, McDonald’s, Air France, and KLM. The attack targeted software provider Salesforce, with stolen information being used to demand ransom.
According to Qantas, the data includes names, email addresses, phone numbers, dates of birth, and, in some cases, addresses, gender, and meal preferences. The airline emphasized that no credit card information, financial data, or passport numbers were stolen. Previous communications indicate that more than 1 million customers lost sensitive information, including phone numbers, dates of birth, and addresses. By contrast, another four million customers had only their names and email addresses stolen.
The July cyberattack is considered one of the largest in Australia since the incidents at telecom company Optus and health insurer Medibank in 2022, which led to stricter legislation on digital resilience. Qantas stated that the criminals gained access via an external platform that uses Salesforce.
Court order to prevent dissemination
To prevent further dissemination of the stolen data, Qantas obtained a court order from the New South Wales Supreme Court. This order prohibits third parties from viewing, publishing, or passing on the data. However, according to security researcher Troy Hunt, such a measure has little effect because it does not deter cybercriminals and has no legal validity outside Australia.
The airline says it is working with external security experts to investigate exactly what information has been released. According to Australian media, including The Guardian Australia, the hacker collective Scattered Lapsus$ Hunters is responsible for the data dump. The group is said to have published the data after a ransom deadline had passed. Qantas declined to confirm these reports.
Salesforce said it was aware of recent attempts by hackers to extort it. Google previously reported that one of its Salesforce servers had been attacked but did not provide details on any potential data breaches. The company said it conducted an impact analysis and warned potentially affected organizations.
The FBI recently warned of similar attacks on Salesforce systems. Hackers often pose as IT staff to deceive customer service representatives and gain access to sensitive information. According to Hunt, the attackers use classic scamming techniques rather than complex technical means.
The hack at Qantas is the latest in a series of digital incidents in Australia, further fueling concerns about the protection of personal data. The airline came under fire last year when a bug in its mobile app exposed passengers’ names and travel details. Port operator DP World was also affected earlier, temporarily halting nearly half of Australia’s freight flow.