Sydney/New Delhi – Millions of Qantas customers’ personal information has been leaked on the dark web following a major cyberattack. Security experts confirmed that approximately 6 million customer records were exposed in July during an attack on a third-party service platform used by the airline.
Exposed Data
The leaked information includes customers’ names, email addresses, phone numbers, birthdates, and frequent flyer numbers.
Qantas has clarified that passwords, PINs, login credentials, identification documents, and financial information remain secure.
“Qantas confirms that no identity documents, credit card numbers, or financial details were accessed.”
— Qantas official statement.
40 Global Companies Targeted
The attack is reportedly carried out by the international cybercriminal group “Scattered Lapsus$ Hunters.”
The group had threatened to release data from approximately 40 global firms linked to cloud software giant Salesforce, including Google, Disney, Toyota, IKEA, Air France, and KLM, unless a ransom was paid.
Hackers set a 3 PM AEDT Saturday deadline for payment and began leaking data from some companies once the deadline passed.
Confirmation from Australian Expert
Australian cybersecurity specialist Troy Hunt (Have I Been Pwned) told ABC that he personally confirmed the Qantas customer data appeared on the dark web.
“A friend overseas messaged me that they found my email and frequent flyer number in the leak. It matched exactly with what Qantas had on file. That confirmed it was real,” he said.
Hunt added that so far, data from only six companies has been released, though the hackers’ communication has been “erratic and unpredictable.”
“The Genie is Out of the Bottle”
Hunt warned that while the original data was removed from the server, it is already in thousands of hands and could reappear on other platforms.
“The genie is out of the bottle. The hackers have launched a new public website where this data could surface again soon,” he said.
International Law Enforcement Action
Recognizing the severity of the breach, the FBI, U.S. Department of Justice (DOJ), and French cyber authorities seized the website run by the hackers.
The seizure occurred less than 24 hours before the ransom deadline set by the group.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
Indian Cybersecurity Expert Insight
Professor Triveni Singh, a senior Indian cybercrime expert and former IPS officer, described the incident as a structural vulnerability in the global digital supply chain.
“This attack is not just a breach of a single company’s data. It demonstrates how an attack on one cloud platform can ripple across the global supply chain. This is a textbook example of a supply chain attack,” said Prof. Singh.
He further noted that stolen data is now considered a strategic asset, rather than merely an economic target:
“Hackers can use this data for identity theft, corporate espionage, and sophisticated psychological manipulation,” he said.
“Indian consumers who hold accounts with Qantas or other international airlines should enable two-factor authentication immediately and exercise caution with any suspicious emails or links.”
Company Response
Salesforce reaffirmed it will not negotiate or pay ransom and reported no evidence of compromise on its core platform.
Qantas confirmed it is assisting affected customers and continues to investigate the breach.
Cybersecurity Takeaway
Experts say this incident highlights that data security is no longer purely a technical issue but a foundation of trust.
As airlines and corporations increasingly rely on digital services, the event underscores the growing need for cyber diplomacy, international cooperation, and data sovereignty worldwide.
