Personal Data of 5.7M Qantas Customers Leaked on Dark Web

Qantas Airways has disclosed that personal data of approximately 5.7 million customers was leaked on the dark web by a hacker group called Scattered Lapsus$ Hunters.

This data exposure followed the Qantas cyberattack detected in June 2025, when criminals compromised Salesforce, a third-party platform used by one of Qantas’s customer service call centers.

The attackers set a ransom deadline of October 10, 2025, demanding payment from Salesforce. When the ransom was not paid, the hackers released the stolen data publicly on the dark web.

The majority of the compromised data included customers’ names, email addresses, and frequent flyer information such as tier status and points balance.

Around 1.7 million records also contained more personal information, including home or business addresses, dates of birth, phone numbers, gender, and meal preferences.

Qantas confirmed that passport data, passwords, and PINs were not part of the leaked data.

In response to the breach, cybersecurity experts are advising customers to remain vigilant for phishing attempts or targeted emails that may use the stolen data. They recommend verifying any messages claiming to be from Qantas and warn against searching dark web data dumps due to the risks of scams and malware infections.

Qantas has been cooperating with Australian government security agencies and has brought in experts to investigate the incident. The airline has also launched a helpline and is offering identity protection services to customers affected by the incident.

Photo by David Syphers on Unsplash