Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Australia’s national carrier, Qantas, has been listed on the dark web, with threat actors showing alleged proof of the cyber attack the airline suffered back in June.
In July, Qantas announced that it had detected unauthorised activity that led to customer and other data being accessed.
“We detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure,” the Flying Kangaroo said in a statement in July.
“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates, and frequent flyer numbers.”
While the cyber attack was claimed by the Scattered Lapsus$ Hunters hacking collective, there had been no instances of public ransomware threat or data leakage.
However, Qantas was listed over the weekend on the group’s dark web ransomware page, where the threat actors claimed to have stolen “over 5M+ records of personally identifiable information (PII)”.
Scattered Lapsus$ Hunters claimed to have full names, email addresses, phone numbers, residential addresses, birth dates, and Frequent Flyer numbers.
Additionally, the group posted a sample of the data, which shows fields for names, phone numbers, additional Frequent Flyer details such as expiry dates and more, as well as references to business data. However, the sample lists the majority of these fields as “null”.
Scattered Lapsus$ Hunters has set the data publication date as 10 October 2025, at which time these null fields may be filled with data, provided the group’s claims are legitimate.
“We highly advise you proceed into the right decision, your organisation can prevent the release of this data, regain control over the situation and all operations remain stable as always,” the threat group said.
“We highly recommend a decision-maker to get involved as we are presenting a clear and mutually beneficial opportunity to resolve this matter.”
In response to Cyber Daily’s request for comment, Qantas said it continues to bolster its cyber security and offers continuous support to its customers.
“Ensuring continued vigilance and providing ongoing support for our customers remain our top priorities. We continue to offer a 24/7 support line and specialist identity protection advice to affected customers,” said a Qantas spokesperson.
“We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”
Be the first to hear the latest developments in the cyber industry.
