Hackers have released personal data of 5.7 million Qantas customers on the dark web, making good on their promise to publish the information stolen from the airline’s system this year.
Qantas is one of 40 companies (including Toyota, Disney, Ikea, Air France and KLM) compromised by hacker collective Scattered Lapsus$ Hunters, which stole almost 1 billion records by targeting customers of cloud technology giant Salesforce in July.
Qantas Airways suffered a data breach in July and the hackers demanded $1 million.Credit: Bloomberg
The hackers did not break into Salesforce’s system. Instead, they called the IT helpdesks of the 40 companies – posing as legitimate employees – and convinced them to get access to the systems. In Qantas’ case, a call centre based in the Philippines was reportedly targeted by the hackers.
Having set a deadline of leaking the data over the weekend unless ransoms were paid by either Salesforce or Qantas, the hackers released passenger information on Saturday (Australian time).
The Qantas passenger information released to the dark web includes dates of birth, phone numbers, addresses, emails and frequent flyer numbers. No credit card details, personal financial information or passport details were stolen, and no frequent flyer accounts were compromised.
Loading
Both Salesforce and Qantas had consistently maintained that they would not pay the ransom.
Qantas noted that it was “one of a number of companies globally that has had data released by cyber criminals”.
“With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” a company spokesperson said.
