Qantas Airways suffered a severe cyberattack executed by the hacker group *Scattered Lapsus$ Hunters*, resulting in the theft and dark web leak of **over five million customers' personal data**, including names, email addresses, phone numbers, birth dates, and frequent flyer membership numbers. The breach originated from a compromised **third-party customer service platform**, detected on **June 30, 2025**, with the data (153GB) published between **October 11–13, 2025** after Qantas refused ransom demands. While **no financial details were exposed**, the leaked information enables high-risk **spear-phishing, social engineering, and targeted scams** (e.g., fake flight updates or fraudulent redemption offers). The incident also exposed **home addresses of federal politicians**, escalating concerns over identity theft and reputational damage. Qantas secured a court injunction to block data dissemination and is collaborating with cybersecurity experts and authorities to mitigate fallout and fortify systems. The breach underscores vulnerabilities in third-party integrations and the escalating threats posed by ransomware-driven data extortion.
Source: https://travelnoire.com/qantas-airways-data-breach
TPRM report: https://www.rankiteo.com/company/qantas
{
  "id": "qan2695626101725",
  "linkid": "qantas",
  "type": "Ransomware",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': '5,000,000+',
                        'industry': 'aviation',
                        'location': 'Australia',
                        'name': 'Qantas Airways',
                        'type': 'airline'}],
 'attack_vector': 'third-party customer service platform compromise',
 'customer_advisories': ['email alerts detailing compromised information',
                         'warnings about potential scams'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '5,000,000+',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (enables phishing, identity '
                                        'theft, and targeted scams)',
                 'type_of_data_compromised': ['personal identifiable '
                                              'information (PII)',
                                              'frequent flyer details',
                                              'home addresses']},
 'date_detected': '2025-06-30',
 'date_publicly_disclosed': '2025-10-13',
 'description': 'Qantas Airways confirmed that hackers stole and leaked '
                'personal data of more than five million customers on the dark '
                'web after the airline refused to pay a ransom. The '
                'cyberattack was carried out by a group calling itself '
                "'Scattered Lapsus$ Hunters.' The leaked data includes "
                'customers’ names, email addresses, phone numbers, birth '
                'dates, and frequent flyer membership numbers, enabling '
                'potential spear-phishing and social engineering attacks.',
 'impact': {'brand_reputation_impact': 'high (due to large-scale data leak and '
                                       'refusal to pay ransom)',
            'data_compromised': ['names',
                                 'email addresses',
                                 'phone numbers',
                                 'birth dates',
                                 'frequent flyer membership numbers',
                                 'home addresses (including federal '
                                 'politicians)'],
            'identity_theft_risk': 'high (phishing, social engineering, '
                                   'targeted scams)',
            'legal_liabilities': ['NSW Supreme Court injunction against '
                                  'accessing/sharing stolen data'],
            'payment_information_risk': 'none (no financial details '
                                        'compromised)',
            'systems_affected': ['third-party customer service platform']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': 'third-party customer service '
                                          'platform',
                           'high_value_targets': ['federal politicians (home '
                                                  'addresses exposed)']},
 'investigation_status': 'ongoing (collaboration with authorities and '
                         'cybersecurity experts)',
 'motivation': ['financial extortion', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['system strengthening',
                                                   'enhanced monitoring '
                                                   '(implied)']},
 'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
 'references': [{'source': 'The Guardian'},
                {'source': 'ABC News Breakfast (interview with Minister for '
                           'Cybersecurity Tony Burke)'},
                {'source': 'Outpost24 (cybersecurity analysis)'}],
 'regulatory_compliance': {'legal_actions': ['NSW Supreme Court injunction '
                                             'against accessing/sharing stolen '
                                             'data']},
 'response': {'communication_strategy': ['public disclosure',
                                         'customer emails',
                                         'media statements'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['email notifications to affected '
                                    'customers'],
              'remediation_measures': ['strengthening systems',
                                       'collaboration with authorities and '
                                       'cybersecurity experts'],
              'third_party_assistance': ['Outpost24 (cybersecurity experts)']},
 'stakeholder_advisories': ['email notifications to affected customers',
                            'public warnings about phishing risks'],
 'threat_actor': 'Scattered Lapsus$ Hunters',
 'title': 'Qantas Airways Data Breach and Dark Web Leak',
 'type': ['data breach', 'ransomware attack', 'dark web leak']}