Qantas Airlines customer data leaked on dark web after ransom deadline passes

The personal records of approximately five million Qantas customers have reportedly been leaked on the dark web by a hacker collective. This is after the popular Australian airline failed to pay the ransom within the stipulated time.

In June this year, Qantas disclosed that it had suffered a major breach which saw customer data stolen from a third-party platform used by one of the airline's contact centres. While initial reports indicated up to six million records were compromised, the hacker group, identified as Scattered Lapsus$ Hunters, claimed responsibility for leaking data belonging to five million customers after the ransom demand went unpaid.

The leaked data includes sensitive personal details such as:

• Customer names

• Email addresses

• Phone numbers

• Dates of birth

• Qantas Frequent Flyer numbers (including tier status and points balances for some customers)

• Residential and business addresses for a subset of customers.

Qantas has maintained that no credit card details, financial information, or passport details were stored on the compromised third-party system and, therefore, were not exposed in the breach.

The cyber-attack is part of a widespread extortion scheme that broke out in June, targeting multiple global companies that use cloud software giant Salesforce's platform. Qantas has been in contact with affected customers and offered a 24/7 support line and identity protection advice.

In a statement, a Qantas spokesperson reiterated the airline's focus on "continued vigilance and providing ongoing support for our customers." Salesforce has publicly stated that it will not engage with or pay any extortion demands and that there is no indication its core platform has been compromised.

The fallout and future risk

The exposure of this personally identifiable information (PII), while not including direct financial data, significantly increases the risk for Qantas customers of falling victim to targeted phishing scams, identity theft, and other social engineering attacks. Criminals can leverage the leaked PII to make fraudulent communications more convincing.

Qantas had previously obtained an injunction from the New South Wales Supreme Court aimed at preventing the stolen data from being accessed or published. However, the hacker collective marked the Qantas data as "leaked" on their dark web site, adding a message that suggested the company should have paid the ransom."

Affected customers have been urged to remain vigilant against unsolicited communications and to use multi-factor authentication on all their online accounts.