Qantas Customer Data Posted to Dark Web After Ransom Deadline
Simple briefing on what was posted, what officials said, and what you can do now.
Brief Context
The personal data of approximately 5.7 million Qantas customers was exposed in a July 2025 incident involving a third‑party platform. Qantas states there is no impact to Frequent Flyer accounts and no passwords or financial details were accessed (Qantas newsroom; customer support page).
After a ransom deadline set by a cybercrime collective, reports indicated that Qantas‑related data appeared on dark web channels. A public update thread is archived on X.
Quick Facts What was reported
Reportedly exposed~5.7–6 million customer records
GroupScattered Lapsus$ Hunters
Window of targetingApr 2024 – Sep 2025 (per claims)
Deadline citedOct 11, 11:59pm New York → ~3pm AEDT (Oct 12)
Data types notedNames, emails, phone, birth dates, addresses, gender, frequent flyer #s, points, status tiers
Financial infoPasswords, PINs, credit cards, IDs: stated as not accessed
Qantas statement (site): “No impact to frequent flyer accounts and no personal financial details compromised.”
Salesforce statement (Oct 2): No indication the platform was compromised; extortion attempts under investigation.
Incident Timeline (Interactive)
July 2025: Cyber attack on a third‑party platform used by Qantas; customer records exposed.
Oct 2, 2025: Salesforce notes extortion attempts; says its platform shows no compromise.
Oct 10–11, 2025: Ransom deadline around 11:59pm New York time.
Oct 12, 2025: Reports indicate Qantas‑related data posted to dark web; a BreachForums domain seizure banner also appeared.
What You Can Do Now
- Be alert to emails/SMS/calls that use your name, phone, address, or frequent flyer info to gain trust.
- Access Qantas updates and support: qantas.com
- Qantas 24/7 support line: 1800 971 541 (AU) or +61 2 8028 0534 (intl).
- Enable two‑step authentication on accounts where available.
Guidance in the supplied material suggests careful verification of any unexpected contact. When unsure, go directly to official websites via your own browser tabs.
60‑Second Phishing Check
1) A message says it’s from Qantas and knows your address. It links to a login form. Best next step?
Open a separate tab and navigate to official sites directly.
2) A caller quotes your frequent flyer digits and asks for your one‑time code. What now?
Codes should never be shared. Call published support numbers yourself.
3) An email urges urgent points redemption to avoid loss. It’s from an unfamiliar domain. Action?
Report and visit the site independently via trusted navigation.
Statements Referenced
- Qantas website statement on frequent flyer accounts and financial details.
- Salesforce statement dated Oct 2, 2025 referencing extortion attempts and no platform compromise.
- Public posts/claims attributed to Scattered Lapsus$ Hunters regarding deadlines and releases.
Public post link referenced: Update thread on X.
Related Reading on Karmactive
Open list
Google–Salesforce breach risk & phishing pointers
Jaguar Land Rover cyberattack: cost & supply chain
Collins Aerospace attack: airport check‑ins
iiNet breach: what to do now
AT&T data breach settlement guide
Phishing detection & multitasking study
NSA advisory on messaging app risks
United system outage context
United check‑in policy change
Airline capacity trims
Qantas A321XLR record delivery
SpinOK Android malware reach
Genetic data and platform risk
This section covered the reported posting of Qantas customer data, the statements cited, a brief timeline, and practical steps for readers.
