Qantas Data Breach Exposes Data of 5.7 Million Customers
Table of Contents
A massive data breach impacting Qantas, Australia’s flag carrier, has resulted in the publication of personal information belonging to 5.7 million customers on the dark web. The incident, one of the largest data security breaches in Australian history, underscores the escalating threat to personal data held by major corporations.
Qantas first acknowledged a compromise of a system managed by a third-party provider in July, revealing that names, email addresses, phone numbers, and dates of birth were potentially accessed. The airline has assured customers that sensitive financial details, such as passport numbers and banking information, were not stored on the affected platform. “We are investigating with specialists to determine precisely what data was disclosed,” a company statement released this Sunday confirmed.
Salesforce Identified as Potential Source of the Breach
According to a source with knowledge of the investigation, the compromised system is believed to be Salesforce, a leading customer relationship management platform. Salesforce recently reported it had “knowledge of extortion attempts,” suggesting it was targeted by malicious actors. The scope of the attack appears to be far-reaching, with reports indicating that data from numerous other global brands – including Air France, KLM, Disney, Google, Ikea, Toyota, and McDonald’s – may also have been stolen.
Scattered Lapsus$ Hunters Claim Responsibility
Analysts have attributed the breach to the Scattered Lapsus$ Hunters group, a cybercriminal organization known for its aggressive tactics. Reports suggest the group issued a ransom ultimatum prior to publishing the stolen data. Recent filings also indicate that Vietnam Airlines and Fujifilm were also targeted in related attacks.
Australia Faces Increasing Cyberattacks
This incident is the latest in a series of significant cyberattacks to hit Australia. In 2023, operations at major Australian ports – handling approximately 40% of the nation’s freight – were temporarily suspended following a cyberattack. Prior to that, in 2022, Optus, another Australian telecommunications giant, experienced a data theft affecting over nine million customers.
The frequency and scale of these attacks highlight the urgent need for enhanced cybersecurity measures and robust data protection protocols across all sectors. The Qantas breach serves as a stark reminder of the vulnerability of personal information in the digital age and the potential consequences for both individuals and organizations.
