Massive Data Breach Hits Qantas and Global Companies via Salesforce Attack
Personal data of 5.7 million Qantas customers has been leaked online following a major cyberattack targeting Salesforce software platform. The breach affects dozens of global companies including Disney, Google, IKEA, Toyota, McDonald’s, Air France, and KLM, with hackers now holding the stolen information for ransom.
Key Takeaways
- 5.7 million Qantas customers’ personal data leaked online
- Global companies affected through Salesforce platform breach
- Hackers using social engineering tactics, not sophisticated exploits
- No financial or passport data compromised in Qantas breach
What Data Was Stolen?
Qantas confirmed hackers accessed sensitive customer information including names, email addresses, phone numbers, and birth dates through a third-party customer contact center system. Most leaked data consisted of names, email addresses, and frequent flyer details, while some records included business or home addresses, gender information, and meal preferences.
“No credit card details, personal financial information or passport details were impacted,” Qantas stated. The airline has obtained a legal injunction from the Supreme Court of New South Wales to prevent further distribution of the stolen data.
Expert Opinion on Legal Measures
Cybersecurity expert Troy Hunt expressed skepticism about the effectiveness of legal injunctions: “It’s frankly ridiculous. It obviously doesn’t stop criminals at all anywhere, and it also really doesn’t have any effect on people outside of Australia.”
Global Impact and Corporate Responses
Google acknowledged one of its corporate Salesforce servers was targeted but didn’t confirm if data was leaked. “Google responded to the activity, performed an impact analysis and has completed email notifications to the potentially affected businesses,” said Melanie Lombardi, head of Google Cloud Security Communications.
Salesforce stated it was “aware of recent extortion attempts by threat actors” but provided limited details about the scope of the breach.
Hacking Group and Methods
Cybersecurity analysts linked the attack to individuals associated with Scattered Lapsus$ Hunters, an alliance of cybercriminals. Research group Unit 42 noted the group “asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom.”
The hackers employed social engineering techniques, manipulating victims by posing as company representatives or trusted individuals. The FBI recently issued warnings about such attacks targeting Salesforce, noting hackers posing as IT workers tricked customer support employees into granting access to sensitive data.
“They have been very effective,” Hunt observed. “And it hasn’t been using any sophisticated technical exploits… they have exploited really the oldest tricks in the books.”
Australia’s Growing Cybersecurity Concerns
This incident adds to Australia’s string of major cyberattacks raising concerns about personal data protection. Qantas previously apologized for a mobile app glitch that exposed passenger names and travel details. In 2023, major ports handling 40% of Australia’s freight trade halted operations after hackers infiltrated DP World’s computer systems.
