Overview

• Scattered Lapsus$ Hunters listed Qantas among roughly 39 companies on a leak site and told victims to contact them by 10 October to begin ransom negotiations.
• The group claimed "over 5M+" Qantas records and posted limited samples, with separate assertions of up to about 1 billion records across all affected companies.
• Qantas said NSW Supreme Court injunctions remain in force to restrict publication of stolen data and it continues 24/7 support and identity‑protection advice for impacted customers.
• Salesforce stated there is no indication its platform was compromised and confirmed it will not engage with or pay any extortion demand.
• Google’s Threat Intelligence and other researchers say attackers used phone‑based social engineering of IT help desks to extract Salesforce data, and Australian authorities including the ACSC are investigating.