Hackers Threaten to Release 153GB of Stolen Qantas Data in Global Ransom Plot

Qantas is facing renewed cyber pressure as a coalition of notorious hacker groups threatens to release 153 gigabytes of stolen customer data unless their ransom demands are met by Friday. The ultimatum, aimed at enterprise software giant Salesforce, has intensified fears of a large-scale data leak that could expose the personal details of millions of Australians.

The threat originates from a collective calling itself the Scattered Lapsus$ Hunters, believed to comprise members of Scattered Spider, Lapsus$, and ShinyHunters — groups previously linked to major global breaches targeting corporations such as Uber, Microsoft, and Electronic Arts. The hackers claim to have obtained customer information from Qantas’ Manila call centre through Salesforce’s systems, which are widely used by blue-chip companies including Disney, Google, Ikea, and McDonald’s.

Samples of the data were published on the dark web earlier this week, showing names, contact details, birth dates, frequent flyer numbers, meal preferences, and postal addresses belonging to Qantas customers. The post was briefly taken down on Wednesday before reappearing with renewed threats to escalate the leak if Salesforce refuses to pay.

Salesforce has maintained a firm stance, confirming it will not negotiate or comply with extortion demands. The company said its security teams are continuing to investigate and that the incident appears linked to prior breaches rather than a new compromise. Salesforce has advised clients to be on high alert for phishing and social engineering scams targeting affected users.

Qantas, which obtained an injunction from the NSW Supreme Court to prevent the distribution or publication of any stolen information, is working with the Australian Cyber Security Centre and other agencies to investigate. The airline said it had increased internal monitoring, improved staff training, and introduced new security measures following the incident.

Cybersecurity analysts have cautioned against dismissing the threat. Experts from Sophos and Tenable noted that while hacker groups often mix misinformation with legitimate data to heighten panic, the scale of the claimed theft suggests the ransom attempt could be credible. Analysts warn that the groups involved have a history of leaking massive datasets when demands are ignored.

Since the breach, affected Qantas customers have reported a surge in targeted phishing scams, including fraudulent emails offering refunds and frequent flyer cashbacks. The airline has urged passengers to verify any communications purporting to come from Qantas and to avoid clicking on suspicious links.

The fallout has also extended to the executive level. In its 2025 financial report, Qantas reduced short-term bonuses for senior executives by 15 percent in acknowledgment of the breach’s severity. Chief executive Vanessa Hudson saw a $250,000 reduction, bringing her annual remuneration to $6.3 million.

While Qantas has not offered financial compensation to affected customers, it has extended loyalty rewards, providing at least 40 status credits to frequent flyers in August following its announcement of a $2.39 billion profit.

Meanwhile, law firm Maurice Blackburn has lodged a complaint with the Office of the Australian Information Commissioner, signalling the first steps toward a potential class action against Qantas over the handling of the breach.

With the hackers’ deadline approaching, cybersecurity experts warn the next 48 hours will be critical in determining whether the stolen data resurfaces online — and how much damage it could inflict on the airline’s already shaken reputation.

Photo Credit: DepositPhotos.com