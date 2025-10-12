Qantas said in July that hackers had targeted one of its customer contact centres, breaching a computer system used by a third party

By Oliver HOTHAM

Australian airline Qantas said Sunday that data from 5.7 million customers stolen in a major cyberattack this year had been shared online, part of a leak affecting dozens of firms.

Disney, Google, IKEA, Toyota, McDonalds and fellow airlines Air France and KLM are also reported to have had data stolen in a cyberattack targeting software firm Salesforce, with the information now being held to ransom.

Salesforce said this month that it was "aware of recent extortion attempts by threat actors".

Qantas confirmed in July that hackers had targeted one of its customer contact centers, breaching a computer system used by a third party now known to have been Salesforce.

They secured access to sensitive information such as customer names, email addresses, phone numbers and birthdays, the blue-chip Australian company said.

Credit card details and passport numbers were not kept in the system, Qantas stressed at the time.

No further breaches have taken place since and the company is cooperating with Australian security services.

"Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline's cyber incident in early July, where customer data was stolen via a third party platform," the company said in a statement.

"With the help of specialist cyber security experts, we are investigating what data was part of the release," it added.

It also said it had obtained a legal injunction with the Supreme Court of New South Wales, where the firm is headquartered, "to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties".

Cybersecurity analysts have linked the hack to individuals with ties to an alliance of cybercriminals called Scattered Lapsus$ Hunters.

Research group Unit 42 said in a note the group had "asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom".

The hackers had reportedly set an October 10 deadline for ransom payment.

Threat intelligence platform FalconFeeds said on X the customer data had been posted on the dark web over the weekend.

Vietnam Airlines, clothing giant Gap and Japanese multinational Fujifilm also had data leaked, it said.

The hackers stole the sensitive data using a social engineering technique, referring to a tactic of manipulating victims by pretending to be a company representative or other trusted person, experts said.

The FBI last month issued a warning about such attacks targeting Salesforce.

The agency said hackers posing as IT workers had tricked customer support employees into granting them access to sensitive data.

The hack of data from Australia's biggest airline comes as a string of major cyberattacks in the country has raised concerns about the protection of personal data.

Qantas apologised last year after a glitch with its mobile app exposed some passengers' names and travel details.

Major ports handling 40 percent of Australia's freight trade ground to a halt in 2023 after hackers infiltrated computers belonging to operator DP World.

Russia-based hackers in 2022 breached one of Australia's largest private health insurers, accessing the data of more than nine million current and former customers.

© 2025 AFP