Hackers say they have leaked the personal records of 5 million Qantas customers on the dark web, after a ransom deadline set by the cybercriminals passed.
The airline is one of more than 40 firms globally caught up in the hack, reported to contain up to 1 billion customer records.
The hacker collective Scattered Lapsus$ Hunters released an extortion note on a data leaks site on the dark web last week, demanding payment in return for preventing the stolen data from being shared.
The Qantas data, which was stolen from a Salesforce database in a major cyber-attack in June, included customers’ email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details.
On Saturday the group marked the data as “leaked”, writing: “Don’t be the next headline, should have paid the ransom.”
Sign up: AU Breaking News email
Jeremy Kirk, the executive editor of Cyber Threat Intelligence, said 44 companies had been included in the leak including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas.
He said the hacker group was well known and operated out of countries such as the US, UK and Australia.
“This particular group is not a new threat; they’ve been around for some time,” Kirk said. “But they’re very skilled in knowing how companies have connected different systems together.”
A Qantas spokesperson previously told Guardian Australia its priorities were “continued vigilance and providing ongoing support for our customers” after the June attack.
... continue reading