Qantas confirms cybercriminals released stolen customer data

Australian airline Qantas confirmed that hackers have recently published data they stole in a cyberattack this summer.

Qantas told customers it has an Australian court injunction in place to stop people within the country from accessing, viewing or releasing the data. It is currently investigating what data was leaked.

The acknowledgement of the leak comes after the Scattered LAPSUS$ Hunters cybercriminal organization published information on Friday that was stolen from Qantas and five other large companies. The six are part of a larger group of about 40 high-profile customers of Salesforce initially listed on the cybercriminals’ leak site two weeks ago.  

“Qantas is one of a number of companies globally that has had data released by cyber criminals following a cyber incident in early July, where customer data was stolen via a third party platform,” the company said on Monday. 

Qantas added that its assessment of the incident has not changed since July, when they told customers that the information of about 5.7 million people was exposed during the cyberattack. 

About 2.8 million customers had names, email addresses and Qantas Frequent Flyer numbers leaked. At least 1.7 million other customers had some combination of that information and either home addresses, dates of birth, phone numbers, meal preferences or genders exposed. 

No credit cards or passport details were leaked, the advisory said. The stolen information cannot be used to breach Qantas Frequent Flyer accounts, the company said. Customers have been contacted directly and given advice based on the type of information stolen. 

Qantas said this week that it has created a phone support line and is continuing to work with Australian government agencies as well as the Office of the Privacy Commissioner in New Zealand to assist victims. 

The airline urged customers to be wary of any messages purporting to be from Qantas and to watch all accounts for suspicious activity. 

“We are aware of increased reports of scammers impersonating Qantas. These scammers are attempting to use the heightened awareness of our situation to entice Qantas customers to click through links or share personal details,” the company said.

Last month, Qantas said senior leaders at the airline have had their annual bonuses reduced by 15% following the cyberattack — including a $250,000 reduction in pay for Qantas Group CEO Vanessa Hudson.

None of the other companies whose data were leaked by Scattered Spider this weekend responded to requests for comment. 

VNCERT, Vietnam’s cybersecurity agency, confirmed to a local news outlet that Vietnam Airlines was listed on the Scattered LAPSUS$ Hunters site and said it is in the process of investigating the leak. 

The data breach website HaveIBeenPwned looked through the batch of data from Vietnam Airlines and said dates of birth, email addresses, names, phone numbers and loyalty program details were leaked. The data ranges from November 2020 to June 2025. 

Scattered LAPSUS$ Hunters initially demanded a ransom from Salesforce, pledging to stop extorting the company’s customers if an undisclosed sum was paid. Salesforce refused to pay the ransom and batches of data were released late Friday evening. 

On Sunday, the FBI confirmed it took down several domains the hackers were planning to use to post the stolen data but the hackers created a new platform almost immediately where the stolen information can be accessed.