5.7 Million Qantas Records Exposed in Massive Third-Party Cyber Failure

The Australian airline Qantas has confirmed that personal information for 5.7 million of its customers, stolen in a significant July cyberattack, has now been leaked online. The disclosure, which reportedly appeared on the dark web over the weekend, involves data taken via a third-party system. Qantas acknowledged the breach on Sunday, 12 October, stating it was one of several global firms whose data was revealed by the cybercriminals following the initial July incident.

Stolen Data and Affected Systems

The data theft, which targeted a system used by an external software vendor—identified by a source as Salesforce—exposed customers’ names, email addresses, phone numbers, and dates of birth.

Crucially, the airline stated that passport and bank card numbers were not present in the system that was compromised.

Qantas is currently investigating the precise data that has been leaked, working with cybersecurity experts.

Wider Impact and Context

The breach is linked to the same July cyberattack that also obtained data from dozens of other major international companies, including Air France, KLM, Disney, Google, Ikea, Toyota, and McDonald’s. The software vendor involved had last week admitted to being “aware of recent extortion attempts.”

The data leak follows a series of high-profile cybersecurity incidents in Australia, which have raised significant concerns over data privacy in the country. Previous attacks include:

• The temporary suspension of operations at Australia’s main ports in 2023 due to a cyberattack.
• The theft of personal data belonging to over nine million customers of major telecommunications provider Optus in 2022.

Source: Le Mauricien