Overview

• Scattered Lapsus$ Hunters listed Qantas among roughly 39–40 firms on a dark‑web leak site and set an October 10 deadline to begin ransom talks.
• The collective claims to hold over 5 million personal records and posted a small data sample showing fields such as contact details and frequent‑flyer information, though many entries appear as null and the scope remains unverified.
• Qantas says it detected unauthorised activity in July on a third‑party contact‑centre platform, contained the system and maintains its core systems remain secure.
• Australian authorities are investigating, and Qantas has an ongoing NSW Supreme Court injunction seeking to prevent access to or publication of any stolen data.
• Salesforce states there is no sign its platform was compromised, while a person claiming affiliation with the hackers and security researchers describe voice‑phishing of Salesforce customers as the attack method.