Hackers publish data of 5.7 million Qantas customers online

Australian flag carrier Qantas Airways has confirmed that personal data stolen in a mid-2025 cyberattack has now been released on the dark web, escalating what was already one of the country’s most serious corporate data breaches.

The airline said on Sunday that cybercriminals had published stolen records affecting about 5.7 million customers. The breach originated in late June, when hackers infiltrated a third-party customer service platform later identified as Salesforce, a U.S.-based provider of cloud-based customer relationship management software.

Qantas said it had initially detected “unusual activity” on June 30 on the external platform used for its call center operations and took immediate steps to contain the breach. At the time, the airline acknowledged that customer data had been accessed but said there was no evidence of public release. That changed this week, when cybersecurity analysts discovered the data being circulated on the dark web by a group calling itself Scattered Lapsus$ Hunters.

The leaked information reportedly includes customer names, email addresses, and frequent flyer numbers. For a smaller number of customers, the exposed details extend to phone numbers, postal or business addresses, dates of birth, genders, and even meal preferences. Qantas emphasized that no credit card information, identity documents, financial details, or passport data were stored in the compromised system, and that login credentials, passwords, and PINs were not affected.

To mitigate potential harm, Qantas previously obtained an injunction from the New South Wales Supreme Court prohibiting the publication, sharing, or exploitation of the stolen data. However, cybersecurity experts have questioned the effectiveness of such orders against anonymous cybercriminals operating outside legal jurisdictions.

Troy Hunt, an Australian cybersecurity researcher, said that while injunctions may serve as a symbolic measure, they have little practical impact. “It’s completely useless,” he said, noting that similar court orders in other high-profile breaches had been ignored.

Qantas said it continues to work with leading cybersecurity experts and is cooperating with the Australian Federal Police and the Australian Cyber Security Centre in an ongoing investigation. The company has established a 24-hour helpline and is offering identity protection services to affected customers.

The airline also urged customers to remain cautious of phishing attempts and scam communications that might leverage the stolen information to impersonate Qantas or other trusted entities. Even limited personal data such as frequent flyer details and dates of birth can be used to make fraudulent messages appear legitimate.