Australian airline Qantas has confirmed that personal data of nearly 5.7 million customers was leaked online following a massive cyberattack that also targeted other global companies. The data breach, which affected Disney, Google, IKEA, Air France, KLM, and several others, stemmed from a coordinated hack on Salesforce, a widely used business software provider. The compromised data includes sensitive customer details such as names, email addresses, phone numbers, and dates of birth.
Read more : major-cyberattack-hits-european-airports-flights-disrupted/
Qantas stated that the attack originated from a breach in one of its third-party customer contact systems, later identified as Salesforce. The company emphasized that while no financial information or passport details were compromised, customer data such as frequent flyer details and meal preferences were exposed. In response, Qantas secured a legal injunction from the Supreme Court of New South Wales to prevent the stolen data from being shared or used further.
Despite the injunction, cybersecurity experts warned that it might do little to contain the spread of leaked information. Experts criticized the move as largely symbolic, noting that such legal actions cannot realistically stop criminals from circulating data online. Cybersecurity analyst Troy Hunt remarked that the injunction “doesn’t stop criminals anywhere” and has minimal effect outside Australia.
Meanwhile, Salesforce admitted awareness of extortion attempts linked to the incident and said it was cooperating with affected companies. Analysts have connected the cyberattack to a criminal alliance known as “Scattered Lapsus$ Hunters,” accused of targeting Salesforce clients in a coordinated ransom operation. The group reportedly demanded payment by October 10, threatening to release stolen data if their demands were unmet.
Experts revealed that hackers used social engineering techniques—manipulating employees into providing access—rather than complex technical breaches. The FBI recently warned of such scams, describing them as one of the “oldest tricks in the book.” This latest incident adds to Australia’s growing list of cyberattacks, including breaches at major ports and airlines, raising serious concerns over the nation’s digital security and data protection measures.