Up next
Author
Share this @internewscast.com
FacebookXRedditPinterest
Qantas says it’s investigating what data has been released by hackers after cyber criminals said they followed through with a threat to leak the personal information of up to 5.7 million customers.
Qantas confirmed on Sunday it was among several global companies that had data released by cyber criminals.

“With the help of specialist cyber security experts, we are investigating what data was part of the release,” a company spokesperson said.

Injunction in place to prevent data access

In a statement released on Sunday, Qantas said they were one of “a number of companies globally” that were affected by the cyber attack and said they were investigating what data was part of the release.

The airline said it had an ongoing injunction in place via the NSW Supreme Court to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties.
“We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”
Impacted customers had been contacted in July with what type of personal data was stolen.

“Qantas continues to work closely with Australian government agencies, including the Australian Cyber Security Centre and the Australian Federal Police.”

What data was stolen?

The Qantas data included full names, email addresses and Frequent Flyer details, as well as business and home addresses, dates of birth, phone numbers, gender and meal preferences for a smaller number of customers.

No credit card details, personal financial information or passport details were compromised, nor were passwords, PINs and login details for frequent flyer accounts.

It has offered a support line and specialist identity protection advice to affected customers.

‘Should have paid the ransom’

The data was stolen in a cyber attack in early July from Qantas’ third-party platform provider Salesforce.
Records were stolen by Scattered LAPSUS$ Hunters from 39 major companies, including Qantas, Disney, Toyota and FedEx. Hackers released data for Qantas, Vietnam Airlines, GAP, Fujifilm and two other companies.

The group was holding customers’ data and threatened to release it at 3pm on Saturday AEDT unless Salesforce paid an undisclosed ransom, which it refused to do.
A Salesforce spokesperson said the company would “not engage, negotiate with, or pay any extortion demand”.

On Saturday, the hacking group said the data was “leaked”, writing: “Don’t be the next headline, should have paid the ransom.”

Data ‘all over the clear web’, says cybersecurity expert

Qantas has obtained an injunction from the NSW Supreme Court to prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone.
But one cybersecurity expert, Troy Hunt from Have I Been Pwned, said the data was not just on the dark web, but also on the clear web.
The data was taken down on Saturday but was back up on the same hosting provider on Sunday morning, Hunt said.
“It’s all over the place,” he said.

“There’s absolutely no putting the genie back in the bottle.”
Hunt, who is also a victim and had his Qantas data leaked, said all six files were publicly available through a file-sharing service, with the hackers putting up a new clear web address after the domain was pulled down by the FBI.
“It’s not just on the dark web, it’s all over the clear web,” he said.
Hunt said the data could potentially be used for identity theft attacks as it gave hackers more points of verification.

He said Qantas would be “lawyered up” and wary of a possible class action suit.

Hunt said hackers have pivoted from ransomware to attacks on confidentiality, making it even harder for companies to manage extortion attempts.
“We’re now in a position where someone’s saying ‘send us money, we’ll delete all the data, honest promise’,” he said.
“So you can see it’s really not the same as the ransomware of old where you actually had some evidence.”
— With additional reporting from the Australian Associated Press.
Share this @internewscast.com
FacebookXRedditPinterest
You May Also Like
Stephen Rue, CEO, Optus, during the Triple Zero service outage hearing with the Senate Environment and Communications References Committee, at Parliament House in Canberra on Monday 3 November 2025.

Optus Executives Acknowledge Critical Errors in Deadly Triple-Zero Outage: A Call for Urgent Action

The chairman and CEO of embattled telco Optushave been grilled at a…
The 4-word slogan that scares Aussie cyber experts

Controversial Slogan Sparks Alarm Among Australian Cybersecurity Experts

The phrase “Store now, harvest later” sends shivers down the spines of…
The sun turns the early morning sky red as it breaks through clouds on Queensland's Gold Coast.

Alarmingly Low Sunscreen Use: Only 33% of Australians Adhere to Daily Sun Protection Guidelines

A recent analysis by health insurer iSelect reveals a concerning trend: just…

Optus Executives Face Intense Scrutiny Over Prolonged Triple-Zero Outage Delay: What Really Happened?

Optus executives have come under fire for delays in passing on critical…
A timeline of US strikes on boats that have killed 64

Unveiling the Impact: A Chronological Insight into US Strikes on Vessels Resulting in 64 Fatalities

The US military has killed 64 people in 15 strikes that have…
'Massive line of thunderstorms' hits battered state for third day

Relentless Thunderstorms Batter State for Third Consecutive Day: Residents Brace for Continued Severe Weather

For the third day running, fierce storms have battered south-east Queensland, unleashing…
A 38-year-old man is in Royal Darwin Hospital after a quad bike crash that killed an 11-year-old boy.

Tragic Quad Bike Accident Claims Life of 11-Year-Old on Darwin Farm

Tragedy struck a Northern Territory mango farm when an 11-year-old boy lost…

School’s Response to Bullying Incident Leaves Parents Impressed

How are parents raising resilient kids in an age of constant judgement…

UK Train Attack: Man Faces Attempted Murder Charges in Mass Stabbing Incident

A 32-year-old British man has been charged with 10 counts of attempted…

Optus Executives Under Scrutiny as Investigation Launched into Critical Triple-Zero Service Outage

A Senate probe into the debacle was given the green light last…
Hundreds protest major weapons expo in Sydney

Massive Protest Erupts in Sydney Against Controversial Weapons Expo

Hundreds of protesters have gathered outside a major arms expo in Sydney.…
The City of Sydney Council said its rangers have seized two dogs believed to be involved in the attack and are holding them at Sutherland Animal Shelter as investigations are underway.

Two Dogs Confiscated Following Critical Injury of Man in Sydney Apartment Attack

A terrifying incident unfolded in a Sydney unit, where a 55-year-old man…