Qantas

Hackers exposed personal data of up to **six million Qantas customers** on the dark web after a **third-party vendor (Salesforce)** refused ransom demands. The breach originated from a **cyberattack on Salesforce’s customer service software**, affecting multiple global firms, including airlines and luxury brands. Compromised Qantas data includes **customer names, email addresses, frequent flyer numbers, dates of birth, physical addresses, and meal preferences**—though financial details and passwords remained secure. The leaked dataset poses risks of **identity theft, phishing, and social engineering attacks**. Qantas responded by offering **free credit monitoring**, reducing executive bonuses by **15%**, and emphasizing improved cybersecurity measures. The incident underscores vulnerabilities in **third-party enterprise software** and the broader aviation industry’s exposure to **supply-chain cyber threats**.

Source: https://aviationa2z.com/index.php/2025/10/12/qantas-airways-6-million-customers-data-leaked-by-hackers/

TPRM report: https://www.rankiteo.com/company/qantas

"id": "qan1032410101225",
"linkid": "qantas",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Up to 6,000,000',
                        'industry': 'aviation',
                        'location': 'Sydney, Australia (SYD)',
                        'name': 'Qantas',
                        'size': 'Large (major international carrier)',
                        'type': 'airline'},
                       {'industry': 'technology',
                        'location': 'USA',
                        'name': 'Salesforce',
                        'size': 'Large (enterprise-scale)',
                        'type': 'software vendor'},
                       {'customers_affected': 'Unknown (class action lawsuit '
                                              'filed in US)',
                        'industry': 'aviation',
                        'location': 'France',
                        'name': 'Air France',
                        'size': 'Large',
                        'type': 'airline'},
                       {'industry': 'aviation',
                        'location': 'Netherlands',
                        'name': 'KLM Royal Dutch Airlines',
                        'size': 'Large',
                        'type': 'airline'},
                       {'industry': 'retail',
                        'location': 'Global',
                        'name': 'Cartier',
                        'size': 'Large',
                        'type': 'luxury brand'},
                       {'industry': 'retail',
                        'location': 'Global',
                        'name': 'Louis Vuitton',
                        'size': 'Large',
                        'type': 'luxury brand'},
                       {'industry': 'retail',
                        'location': 'Global',
                        'name': 'Pandora',
                        'size': 'Large',
                        'type': 'luxury brand'}],
 'attack_vector': ['exploitation of enterprise software vulnerability',
                   'dark web data leak'],
 'customer_advisories': ['Free credit monitoring offered',
                         'Urged customers to monitor for suspicious activity'],
 'data_breach': {'data_exfiltration': 'Yes (uploaded to dark web forums)',
                 'number_of_records_exposed': 'Up to 6,000,000',
                 'personally_identifiable_information': ['names',
                                                         'email addresses',
                                                         'frequent flyer '
                                                         'numbers',
                                                         'dates of birth',
                                                         'addresses',
                                                         'meal preferences'],
                 'sensitivity_of_data': 'Moderate to High (includes names, '
                                        'emails, frequent flyer numbers, '
                                        'addresses, dates of birth)',
                 'type_of_data_compromised': ['PII (Personally Identifiable '
                                              'Information)']},
 'date_detected': '2024-06-28',
 'date_publicly_disclosed': '2024-06-late',
 'description': 'Hackers exposed personal data from up to six million Qantas '
                'customers on the dark web after a third-party software vendor '
                '(Salesforce) refused to meet ransom demands. The breach '
                'originated from a cyberattack on Salesforce’s customer '
                'service software, affecting multiple global firms, including '
                'airlines (Air France, KLM) and luxury brands (Cartier, Louis '
                'Vuitton, Pandora). Compromised data includes customer names, '
                'email addresses, frequent flyer numbers, dates of birth, '
                'addresses, and meal preferences. Qantas confirmed frequent '
                'flyer accounts remain secure and offered free credit '
                'monitoring services. The breach underscores risks in '
                'third-party enterprise software vulnerabilities and '
                'highlights broader cyber threats to the aviation industry.',
 'impact': {'brand_reputation_impact': 'Moderate (executive bonus reduction of '
                                       '15% to demonstrate accountability)',
            'customer_complaints': 'Expected (no specific numbers provided)',
            'data_compromised': ['customer names',
                                 'email addresses',
                                 'frequent flyer numbers',
                                 'dates of birth',
                                 'addresses',
                                 'meal preferences'],
            'identity_theft_risk': 'High (exposed PII enables phishing, social '
                                   'engineering, or identity theft)',
            'legal_liabilities': ['Potential class action lawsuits (e.g., Air '
                                  'France US customers filed suit)',
                                  'Regulatory scrutiny'],
            'operational_impact': 'Limited (no disruption to frequent flyer '
                                  'accounts or flight operations reported)',
            'payment_information_risk': 'None (no financial details or '
                                        'passwords compromised)',
            'systems_affected': ['Salesforce customer service software']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (Qantas data '
                                                    'confirmed on dark web '
                                                    'forums)',
                           'entry_point': 'Salesforce customer service '
                                          'software vulnerability',
                           'high_value_targets': ['Qantas frequent flyer data',
                                                  'Air France/KLM customer '
                                                  'data',
                                                  'Luxury brand customer '
                                                  'data']},
 'investigation_status': 'Ongoing (dark web data verified by Australian '
                         'cybersecurity experts)',
 'lessons_learned': ['Third-party vendor risks in enterprise software can have '
                     'cascading effects across industries.',
                     'Aviation sector is increasingly targeted by '
                     'cybercriminals exploiting supply chain vulnerabilities.',
                     'Proactive measures (e.g., multi-layered authentication, '
                     'staff training) are critical to mitigate social '
                     'engineering attacks.'],
 'motivation': ['financial gain (ransom)', 'data monetization on dark web'],
 'post_incident_analysis': {'corrective_actions': ['Qantas: Executive '
                                                   'accountability (bonus '
                                                   'reductions), customer '
                                                   'credit monitoring.',
                                                   'Industry-wide: Calls for '
                                                   'stronger vendor oversight '
                                                   'and cybersecurity '
                                                   'resilience.'],
                            'root_causes': ['Exploitation of vulnerabilities '
                                            'in widely used enterprise '
                                            'software (Salesforce).',
                                            'Inadequate third-party risk '
                                            'management by affected '
                                            'organizations.',
                                            'Growing sophistication of '
                                            'cybercriminal groups targeting '
                                            'high-value sectors (aviation, '
                                            'luxury retail).']},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes (specific amount undisclosed)',
                'ransom_paid': 'No (Salesforce refused to pay)'},
 'recommendations': ['Strengthen vendor oversight and third-party risk '
                     'management protocols.',
                     'Enforce multi-factor authentication (MFA) and zero-trust '
                     'architectures.',
                     'Improve staff awareness training to counter social '
                     "engineering tactics (e.g., 'Scattered Spider' group).",
                     'Implement adaptive security controls like behavioral '
                     'WAFs and network segmentation.',
                     'Enhance transparency and communication during incident '
                     'response.'],
 'references': [{'source': 'PYOK (cybersecurity experts)'},
                {'date_accessed': '2024-early',
                 'source': 'FBI Cyber Division warning'},
                {'date_accessed': '2024-06-late',
                 'source': 'Qantas public statements'}],
 'regulatory_compliance': {'legal_actions': ['Class action lawsuit filed '
                                             'against Air France (US '
                                             'customers)']},
 'response': {'communication_strategy': ['Public disclosure',
                                         'Customer advisories to watch for '
                                         'suspicious activity'],
              'containment_measures': ['Confirmation that frequent flyer '
                                       'accounts remain secure'],
              'incident_response_plan_activated': 'Yes (credit monitoring '
                                                  'offered, customer '
                                                  'advisories issued)',
              'remediation_measures': ['Free credit and identity monitoring '
                                       'tools for affected customers']},
 'stakeholder_advisories': ['Qantas executives took a 15% bonus reduction to '
                            'demonstrate accountability.'],
 'title': 'Qantas Customer Data Breach via Salesforce Third-Party Vendor',
 'type': ['data breach', 'third-party vendor compromise', 'ransomware threat'],
 'vulnerability_exploited': 'Vulnerabilities in Salesforce’s customer service '
                            'software'}