Qantas A.I CyberSecurity Scoring
Qantas
Company Information
Website: https://www.qantas.com
Employees number: 17,844
Number of followers: 638,116
NAICS: 481
Industry Type: Airlines and Aviation
Homepage: qantas.com
Qantas Risk Score (AI oriented)
Between 0 and 549
Qantas, Airlines and Aviation
Updated: 20/05/2026
100/1000
Critical
C

Current Score: 100 C (CRITICAL), on a scale of 0 to 1000
14 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
100
MAY 2026
100
APRIL 2026
100
MARCH 2026
100
FEBRUARY 2026
100
JANUARY 2026
100
DECEMBER 2025
100
NOVEMBER 2025
100
OCTOBER 2025
100
Ransomware
03 Oct 2025 • Qantas
Qantas Airways
Trinity of Chaos Ransomware Collective Data Leak Site (DLS) Disclosure
100
CRITICAL 0
QAN2902229100425
The Trinity of Chaos ransomware collective (linked to Lapsus$, Scattered Spider, and ShinyHunters) exposed a significant breach of Qantas Airways, leaking substantial PII records of passengers, including loyalty program details, internal communications, and activity histories. The attack, initially disclosed via extortion emails, resulted in regulatory fines for negligence under GDPR-like frameworks (e.g., Australia’s Privacy Act), but the stolen data remains monetized on dark web markets. The breach likely stemmed from Salesforce instance exploitation (via vishing/OAuth token theft in Salesloft’s Drift AI chat integration), aligning with the group’s pattern of targeting high-value corporate data. The leaked samples confirm exposure of millions of customer records, heightening risks of identity theft, phishing, and reputational damage. Qantas’ failure to fully mitigate the incident—despite prior warnings—exacerbates compliance and operational risks, with cybercriminals leveraging the data for ongoing malicious campaigns, including AI-driven social engineering.
SEPTEMBER 2025
100
AUGUST 2025
100
JULY 2025
100
Cyber Attack
02 Jul 2025 • Qantas
Hawaiian Airlines, Qantas and MGM Resorts: Qantas Hit By Major Cyber-Attack, Exposing Data of Up To 6 Million Customers
Qantas Suffers Major Data Breach Affecting Up to 6 Million Customers
100
CRITICAL 0
HAWQANMGM1771230438
Qantas, Australia’s largest airline, has confirmed a cyberattack that compromised the personal data of up to six million customers through a third-party call center platform. The breach was detected on Monday, with threat actors gaining unauthorized access to customer service records.
The stolen data may include names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Qantas has assured customers that no financial information, credit card details, or login credentials were exposed. The airline has contained the incident, stating that its internal systems remain secure, and has set up a dedicated support line for affected individuals.
Qantas Group CEO Vanessa Hudson apologized, emphasizing the company’s commitment to customer trust and support. The breach follows a series of controversies for the airline, including pandemic-related operational issues and opposition to Qatar Airways’ expansion plans.
Authorities, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, have been notified. Independent cybersecurity experts are investigating the incident.
Potential Link to Scattered Spider
While the attackers’ identity remains unconfirmed, the tactics used align with those of the Scattered Spider ransomware group, which has recently targeted airlines and retailers in the U.S. and U.K. The FBI has warned about the group’s use of social engineering such as phishing, SIM swapping, and help desk impersonation to bypass multi-factor authentication and steal sensitive data.
Scattered Spider, also known as UNC3944, is a sophisticated cybercriminal collective believed to consist of young adults in the U.S. and U.K. The group has been linked to high-profile attacks on MGM Resorts, Caesars Entertainment, and Snowflake customers, often partnering with ransomware-as-a-service (RaaS) providers like ALPHV. Their recent focus on aviation includes breaches at Hawaiian Airlines and WestJet, where they exploited self-service password reset tools.
Rising Cyber Threats in Australia
The Qantas breach adds to a surge in cyber incidents across Australia. The Office of the Australian Information Commissioner reported a 25% year-on-year increase in data breaches, with 1,113 incidents in the last fiscal year up from 893 in 2023. The health sector was the most targeted, followed by government, finance, and retail. 69% of breaches were attributed to malicious or criminal activity, with phishing and ransomware as the primary methods.
Scattered Spider’s evolution from telecom attacks to critical infrastructure and high-profile extortion highlights the growing sophistication of cybercriminal groups. Their use of legitimate remote-access tools and cloud platforms underscores the challenges organizations face in defending against such threats.
JULY 2025
100
Cyber Attack
01 Jul 2025 • Qantas
Qantas Airways Limited
Massive Data Breach via Salesforce Vulnerability by Scattered Lapsus$ Hunters (2025)
100
CRITICAL 0
QAN0192201101325
On October 10, 2025, Qantas Airways Limited suffered a massive data breach linked to a Salesforce vulnerability, where hackers from the group Scattered Lapsus$ Hunters leaked 153 GB of customer and internal business data (5M+ records). The exposed dataset includes highly sensitive PII—full names, dates of birth, passport numbers, phone numbers, email addresses, mailing addresses, geolocation data, and loyalty program details (frequent flyer numbers, tier status, points balance, and internal CRM metadata like OwnerId, RecordTypeId, and Sensitive_Contact flags). Additionally, internal business reports (e.g., QCC Frequent Flyer Report, QCC Lounges Report) and customer notes (e.g., opt-out preferences, account activity timestamps) were compromised. The breach follows a July 2025 incident involving a third-party vendor, suggesting systemic vulnerabilities. The leak poses severe risks of identity theft, financial fraud, and reputational harm, as threat actors could exploit the data for targeted phishing, account takeovers, or blackmail. The inclusion of internal Salesforce IDs and CRM fields further exposes Qantas to operational disruptions and regulatory scrutiny under global data protection laws (e.g., GDPR, Australia’s Privacy Act). The hackers’ ransomware-like ultimatum (demanding negotiations by October 10) and subsequent public dump escalate the incident’s gravity, signaling potential long-term trust erosion among customers and partners.
JUNE 2025
100
Breach
28 Jun 2025 • Qantas
Qantas, WestJet and Hawaiian Airlines: Airlines Hit by Cyber Attacks: Here’s What to Know
Cyber Attacks on Airlines Ahead of Fourth of July Holiday
100
HIGH 0
QANWESHAW1768393070
Airlines Hit by Cyber Attacks Ahead of Holiday Travel Surge
Multiple airlines including Hawaiian Airlines, WestJet, and Qantas reported cyber attacks on their IT systems in the days leading up to the Fourth of July holiday travel rush. The FBI has attributed the incidents to Scattered Spider, a hacking group known for using social engineering and third-party vendor exploits to breach large organizations.
Hawaiian Airlines and WestJet confirmed attacks within the past week, with the Federal Aviation Administration (FAA) stating on June 26 that the Hawaiian Airlines breach had no impact on flight safety. WestJet launched an internal investigation, while Qantas disclosed a separate attack on June 25, revealing that a third-party customer service platform was compromised before the breach was contained.
The FBI issued a warning on June 28, identifying Scattered Spider as the likely culprit behind the airline sector targeting. Airlines are responding by collaborating with authorities, strengthening cybersecurity measures, and notifying affected customers as investigations continue.
The attacks highlight growing cyber risks in the travel industry, particularly as reliance on third-party vendors increases. While no operational disruptions or safety issues have been reported, the incidents underscore the need for heightened security in an increasingly digital travel ecosystem.
JUNE 2025
110
Breach
16 Jun 2025 • Qantas
Qantas
Qantas Customer Data Breach by Scattered Lapsus$ Hunters
100
CRITICAL -10
QAN0302203101325
Hackers linked to the group Scattered Lapsus$ Hunters breached Qantas’ third-party Salesforce environment in mid-2025, exfiltrating and leaking personal data of 5–5.7 million customers (part of a broader 1-billion-record haul) on the dark web after a ransom deadline expired. The exposed data included names, email addresses, phone numbers, dates of birth, and frequent-flyer numbers, though payment and passport details remained secure. The attack exploited social engineering and credential abuse via integrated third-party connections rather than a direct Salesforce breach. While Qantas obtained an injunction to limit dissemination and enhanced monitoring, the leak heightens risks of phishing, account takeovers, and reputational damage, with regulators scrutinizing vendor controls under Australia’s stricter post-Optus data protection laws. The airline faces increased customer-service costs, identity-protection expenses, and potential penalties, alongside eroded passenger trust and commercial impacts like reduced frequent-flyer engagement. Strategic responses include credential resets, scam-awareness campaigns, and tighter supplier access controls, though long-term reputational recovery remains uncertain.
MAY 2025
337
Ransomware
01 May 2025 • Qantas
Qantas
Qantas Customer Data Leak on the Dark Web
100
CRITICAL -237
QAN2502025101425
Qantas suffered a significant cyber incident where 5.7 million customers' personal data—including names, addresses, and potentially other personally identifiable information (PII)—was stolen and leaked on the dark web by the cybercrime group Scattered Lapsus$ Hunters after the airline refused to pay a ransom. The breach originated from a phishing attack targeting a Qantas call center worker in the Philippines, who was tricked into granting access to a third-party platform (Salesforce) containing customer records. The exposed data, which cannot be easily changed (e.g., names, dates of birth), heightens risks of follow-on scams, such as fraudsters impersonating Qantas to extract banking details under the guise of compensation. Customers reported poor communication from Qantas, with many learning of developments via media rather than direct notifications. The breach may result in hefty financial penalties under Australia’s Privacy Act, with experts arguing fines must be substantial to deter corporate negligence. The federal government reiterated its stance against negotiating with hackers, while Qantas offered limited support via IDCARE on a case-by-case basis. The incident underscores systemic vulnerabilities in third-party vendor security and corporate accountability.
JANUARY 2025
361
Breach
01 Jan 2025 • Qantas
Qantas: How To Avoid Getting Scammed Online In 2026
Qantas Data Breach
289
CRITICAL -72
QAN1773650286
Qantas Data Breach Highlights Persistent Cybersecurity Risks and Best Practices
The 2023 Qantas data breach served as a stark reminder that even robust security measures can fail, exposing vulnerabilities in digital protection. While basic precautions like strong passwords and private browsing offer some defense, online threats including trackers, phishing schemes, and malware remain pervasive, often exploiting human error or overlooked weaknesses.
To mitigate risks, cybersecurity experts emphasize several key practices:
- Password hygiene: Regularly updating credentials and using complex, unique passwords ideally managed by a secure password manager reduces the likelihood of unauthorized access.
- Phishing awareness: Suspicious links and attachments in emails or messages remain a primary attack vector. Tools like email scanners can help detect and block malicious content before it compromises systems.
- Multi-factor authentication (MFA): Adding a second verification layer (e.g., PINs, biometrics, or security tokens) significantly strengthens account security, even if passwords are compromised.
- Software updates: Delaying system or application updates leaves devices exposed to known exploits. Timely patches close security gaps and improve overall device resilience.
- Antivirus protection: Comprehensive security suites, such as those offering ransomware and spyware defense, provide critical safeguards against evolving threats. Advanced options may include VPNs, anti-tracker tools, and SMS/email monitoring.
The incident underscores the ongoing arms race between cybercriminals and defenders, where proactive measures rather than reactive fixes are essential to safeguarding personal and organizational data.
JULY 2024
314
Cyber Attack
01 Jul 2024 • Qantas
Qantas Airways
Qantas Airways Customer Data Breach via Third-Party Platform
290
CRITICAL -24
QAN3292432101325
Qantas Airways, Australia’s flagship airline, suffered a cyber incident in July 2024 where hackers breached a third-party platform used by its customer contact center, exposing data of up to 6 million customers. The compromised records included names, email addresses, phone numbers, birth dates, and frequent flyer numbers, though the airline confirmed that credit card details, financial data, passports, passwords, and login credentials remained unaffected. The breach was linked to social engineering tactics, with the FBI warning that the cybercriminal group Scattered Spider—known for impersonating employees to bypass IT security (including multifactor authentication)—was targeting the airline sector. Qantas secured a court order to block further dissemination of the stolen data and implemented enhanced security measures, including staff training and system monitoring. While no ransomware was reported, the incident prompted concerns over identity theft risks and reputational damage. Customers were offered specialist identity protection services, and the airline committed to ongoing updates as investigations continue.
JUNE 2024
333
Cyber Attack
16 Jun 2024 • Qantas
Qantas Airways
Qantas Airways Customer Data Breach via Third-Party Salesforce Platform
309
CRITICAL -24
QAN2733027101325
Qantas Airways suffered a major cyber breach in July 2025, where hackers accessed a third-party call center platform containing sensitive customer data. The stolen information included personal details of over five million customers: one million had phone numbers, birth dates, and home addresses compromised, while four million had names and email addresses exposed. Additional leaked data included frequent flyer details, genders, and meal preferences. The breach was linked to the Scattered Lapsus$ Hunters hacker group, which published the data after Qantas refused to meet ransom demands. Despite obtaining a court injunction to block further dissemination, cybersecurity experts like Troy Hunt dismissed its effectiveness, citing past failures in similar cases. The incident follows a wave of high-profile Australian breaches (Optus, Medibank, MediSecure) and aligns with a 25% surge in reported data breaches in 2024, per the Office of the Australian Information Commissioner. Qantas is collaborating with cybersecurity firms and Australian agencies to mitigate fallout, though the leaked data—including addresses and birth dates—poses long-term risks of identity theft and fraud.
APRIL 2024
578
Ransomware
01 Apr 2024 • Qantas
Qantas
Qantas Customer Data Leak by Scattered Lapsus$ Hunters
304
CRITICAL -274
QAN2562025101125
Hackers from the Scattered Lapsus$ Hunters group leaked the personal records of 5 million Qantas customers on the dark web after the company failed to meet a ransom demand. The breach, originating from a Salesforce database cyber-attack in June, exposed sensitive customer data, including email addresses, phone numbers, birth dates, and frequent flyer numbers—though no financial or passport details were compromised. The leaked data was part of a larger global hack affecting over 40 companies, with up to 1 billion customer records stolen between April 2024 and September 2025. While Qantas secured a NSW Supreme Court injunction to restrict further dissemination, experts warn the exposed information could enable personalized phishing scams and identity fraud. The hackers publicly taunted Qantas with the message: “Don’t be the next headline, should have paid the ransom.” Salesforce denied platform compromise but acknowledged extortion attempts linked to past incidents. Qantas continues to offer 24/7 support and identity protection advice to affected customers.
OCTOBER 2023
576
Cyber Attack
10 Oct 2023 • Qantas
Qantas
Salesforce Breach Exposes Data from 5.7 Million Qantas Customers and Other Global Brands
551
CRITICAL -25
QAN5632856101325
A cyberattack targeting Salesforce, a third-party platform used by Qantas, exposed the personal data of 5.7 million customers. The breach, linked to the Scattered Lapsus$ Hunters hacking group, involved social engineering tactics where attackers posed as IT staff to gain unauthorized access. Compromised data included names, email addresses, phone numbers, dates of birth, frequent flyer details, and in some cases, home/business addresses, gender, and meal preferences. While no credit card, passport, or banking details were leaked, the attackers are holding the stolen data for ransom, demanding payment by October 10, 2023. Qantas secured a legal injunction in Australia to prevent further data dissemination, though experts doubt its global effectiveness. The incident is part of a wider campaign affecting other major brands like Disney, Google, and Toyota, highlighting vulnerabilities in shared cloud platforms and the persistent threat of ransomware-driven extortion.
JULY 2023
587
Cyber Attack
01 Jul 2023 • Qantas
Qantas
Qantas Customer Data Leak on the Dark Web
562
CRITICAL -25
QAN2562025101325
Hackers from the cybercrime collective Scattered Lapsus$ Hunters breached Qantas’ systems via vishing (voice phishing), tricking employees into granting access to customer data stored on a Salesforce-linked cloud platform. The attack, first disclosed in July 2023, resulted in the theft of nearly 6 million customer records, including names, email addresses, phone numbers, birth dates, frequent flyer numbers, home addresses, and gender details—though no credit card data was compromised. After Qantas and Salesforce refused to pay a ransom, the hackers leased the stolen data on the dark web, exposing affected individuals to identity theft, phishing scams, and fraudulent account creation. The breach compounds risks for Australians already impacted by prior incidents (e.g., Medibank, Optus), with authorities warning of impersonation attempts, fake login prompts, and long-term dark web exploitation of personal data. Qantas advised customers to enable two-factor authentication, avoid suspicious links, and monitor for unauthorized account activity.
JUNE 2023
721
Ransomware
01 Jun 2023 • Qantas
Qantas
Qantas Customer Data Leak via Third-Party Call Center Exploit
583
CRITICAL -138
QAN3602036101325
Cybercriminals exploited a third-party call center in June 2023 to gain unauthorized access to Qantas’ customer data. After stealing over 5 million records (153GB) containing names, email addresses, phone numbers, birth dates, and Qantas Frequent Flyer numbers, the hackers demanded a ransom. When Qantas refused to comply—citing legal protections from an injunction—the attackers leaked the data on both the dark web and open internet on October 7, 2023. Initially sold for $27 on a hacking forum, the dataset was later distributed for free. While no credit card details, passports, or login credentials were compromised, the exposed personal information poses risks of identity theft, phishing, and fraud. The breach was confirmed legitimate by cybersecurity expert Troy Hunt, who found his own family’s data in the leak. Qantas continues investigations with Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP), offering identity protection services to affected customers. The incident is part of a broader campaign by the Scattered Lapsus$ Hunters (SLSH) group, which explicitly targeted Australian businesses, declaring a 'war' on the country’s organizations.
JUNE 2022
781
Breach
16 Jun 2022 • Qantas
Qantas Airways
Qantas Airways and Multiple Global Firms Data Breach via Salesforce Cyberattack
705
CRITICAL -76
QAN2402124101325
Qantas Airways, Australia’s national carrier, suffered a major cyberattack in early July 2024, where hackers breached a third-party platform (Salesforce) used by its customer contact center. The attack resulted in the theft of sensitive customer data, including names, email addresses, phone numbers, birthdays, home/business addresses, gender, and meal preferences—affecting 5.7 million customers. While no financial data (credit cards, passports) was compromised, the leaked information was later shared online and held for ransom by cybercriminals linked to the Scattered Lapsus$ Hunters group. The breach occurred via social engineering, with hackers impersonating IT staff to trick employees into granting access. Qantas obtained a legal injunction to block further data dissemination, though experts dismissed its effectiveness. The incident is part of a broader attack targeting multiple global firms (Disney, Google, Toyota, etc.) via Salesforce, with hackers demanding ransom by an October 10 deadline. This follows prior Qantas cybersecurity failures, including a 2023 app glitch exposing passenger details and a 2022 ransomware attack on Australian ports operator DP World.
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for Qantas?
What was Qantas's A.I Rankiteo Cyber Score in May 2026?
What was Qantas's A.I Rankiteo Cyber Score in April 2026?
What was Qantas's A.I Rankiteo Cyber Score in March 2026?
What was Qantas's A.I Rankiteo Cyber Score in February 2026?
What was Qantas's A.I Rankiteo Cyber Score in January 2026?
What was Qantas's A.I Rankiteo Cyber Score in December 2025?
What was Qantas's A.I Rankiteo Cyber Score in November 2025?
What was Qantas's A.I Rankiteo Cyber Score in October 2025?
What was Qantas's A.I Rankiteo Cyber Score in September 2025?
What was Qantas's A.I Rankiteo Cyber Score in August 2025?
What was Qantas's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Qantas's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Qantas?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Qantas's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?