Qantas Breach

In June 2025, Qantas Airways confirmed a data breach originating from a third-party customer service platform (Salesforce) used by an offshore call center in Manila. The incident was attributed to the threat actor group Scattered Lapsus$ Hunters, who gained access via social engineering (voice phishing) targeting call center staff. After Qantas and Salesforce refused ransom demands, the stolen data was leaked on the dark web in October 2025.

The breach involved a total of 5.7 million unique customer records. While Qantas initially provided broad estimates, post-leak analysis of the raw data (approximately 153GB) identifies the following unique counts:

• 3,000,000 unique Email Addresses

• 3,200,000 unique Phone Numbers (mobile and landline)

• 691,600 unique Home Addresses

The 691.6k unique addresses represent a specific subset of customers who had previously interacted with baggage services or support tickets. Compromised data also included Frequent Flyer numbers, tier status, and in some cases, meal preferences. Qantas has stated that sensitive information such as passwords, credit card details, and passport numbers were not stored on the affected system and were not compromised. The airline is currently facing an OAIC investigation and a class-action lawsuit filed in early 2026 regarding its data retention and third-party security practices.