Qantas Airways has confirmed that cybercriminals have released customer data stolen during a major July cyberattack. The airline said the breach, which affected over five million customers, involved a third-party platform and is now linked to the hacker group Scattered Lapsus$ Hunters.
The stolen data includes personal details such as phone numbers, dates of birth, and home addresses for over one million customers, while millions more had their names and email addresses compromised. The hackers reportedly published the data online after a ransom deadline passed.
Qantas said it continues to work with cybersecurity experts to assess the scope of the data release and maintains an injunction to prevent further dissemination. The breach ranks among Australia’s most serious cyber incidents since the Optus and Medibank hacks of 2022, which spurred new national cybersecurity requirements.
