Hackers tied to a group that identifies as “Scattered Lapsus$ Hunters” have officially published Qantas customer data on the dark web after its ransom deadline expired. This breach, tied to the third-party Salesforce environment originally compromised in mid-2025, exposed the personal details of millions of different customers, including both Australian and non-Australian nationals. This included names, email addresses, phone numbers, dates of birth and even frequent-flyer numbers.
Qantas has indicated that there was no payment data released, and that the hackers were not able to gain access to individual passport records. Estimates range from 5-5.7 million affected individuals, all part of a broader multi-company haul the group believes totaled up to 1 billion. Qantas eventually obtained an injunction to deter dissemination, and the carrier says it has strengthened monitoring capabilities and that it is supporting impacted customers while authorities continue to investigate, according to records from The Guardian.
Hackers Come Good On Qantas Threat
According to reporting standards and statements from Qantas, attackers exfiltrated data from a Salesforce tenant used by Qantas, and they issued an extortion deadline. The group ultimately allowed this deadline to pass, and the group leaked Qantas’ dataset and posted it on a dark website. This incident has been undeniably concerning to the millions of customers who travel with Qantas each year and trust the airline with their personal information.
As previously mentioned, the reported content of this particular information release reportedly included everything from phone numbers to emails and dates of birth. Fortunately, financial information and passport details were not stolen, but the information the hackers did manage to get their hands on is valuable for phishing and account-takeover attempts.
Analysts ultimately said that the group targeted integrated third-party connections and used social engineering and credential abuse as opposed to breaking Salesforce itself. Law enforcement actions briefly disrupted a related public forum, but a data dump proceeded.
What This Means For Qantas
In the near term, Qantas faces higher customer-service loads, identity-protection costs, and reputational risks as this leak fuels targeted phishing against customers. Regulators have been quick to scrutinize the vendor controls and data minimization practices surrounding the interactions between airlines like Qantas and the third-party platforms which are capable of leaking data. Australia’s tougher post-Optus regime ultimately heightens its exposure to penalties and enforceable undertakings across the board. Passengers will certainly be more hesitant to book travel with an airline that continues to lose people’s data.
Qantas has an array of legal tools, and it is not capable of clawing data back. The focus of the airline’s efforts now must shift towards containment of the problem at hand, which includes forcing credential resets and increased monitoring of unusual activity. Additional customer-facing communications will be released that can help customers spot scams early in the process. From a commercial perspective, frequent-flyer engagement could soften if trust continues to wobble, and partners may eventually become unhappy with the additional data protection guardrails put in place.
Investors will ultimately watch for guidance on incident costs and any uplift in cyber operating expenses or capital expenses that come out of this incident. From a strategic standpoint, Qantas must prove that it can sustain these improvements, tighten supplier access and its incident response capabilities, all while coordinating with Salesforce and local law enforcement.
Qantas Aims To Restore Trust
Anyone who has tried to make the argument that there is no bad PR has clearly not worked in the aviation industry or the data protection industry. This incident severely undermined passenger trust in the airline, and the carrier will certainly have to earn it back from passengers, most of whom are increasingly disgruntled with Qantas at this moment in time.
The first part of restoring the reputational harm that this incident has caused will be making calculated efforts to avoid this kind of thing from happening again. Regulators will also have a role to play in ensuring that Qantas stays on track here.
However, business will otherwise carry on as usual for Qantas. The airline undoubtedly has a long-standing history of maintaining passenger loyalty, even when these kinds of unfortunate incidents do occur.
