.png)
QANTAS Airways has confirmed that customer data stolen during a major cyberattack in July has now been published online by cybercriminals, making it one of several companies worldwide affected by the breach.
In a statement on Sunday, the Australian airline said the information was obtained via a third-party platform during the attack and involved the personal details of millions of customers.
"Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July, where customer data was stolen via a third-party platform," the airline said.
Qantas initially disclosed in July that more than one million customers had sensitive data such as phone numbers, dates of birth and home addresses accessed in what became one of Australia's most significant data breaches in recent years.
An additional four million customers had their names and email addresses compromised.
The breach is considered Australia's most high-profile cyberattack since the 2022 hacks targeting telecoms giant Optus and health insurer Medibank, which led to tighter national cyber resilience laws.
The airline said it is working with specialist cybersecurity experts to determine the full extent of the released data and continues to enforce a court injunction preventing the use or distribution of the stolen information.
"We have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties," Qantas stated.
According to The Guardian Australia, the data leak was carried out by the hacker collective known as Scattered Lapsus$ Hunters, after a ransom deadline passed. Qantas declined to comment on that report.
Authorities and cybersecurity experts are continuing to investigate the breach, which raises further concerns over the vulnerability of critical data infrastructure and the growing scale of ransomware threats. - October 12, 2025
