Overview

• Qantas says exposed fields include names, email addresses, phone numbers and birthdays, not passport or payment card numbers.
• The airline confirms the trove was posted on the dark web over the weekend and says it has engaged cybersecurity specialists to determine the full scope.
• A source close to the probe says a Salesforce environment used by Qantas was the third-party entry point, after Salesforce reported recent extortion attempts.
• Security researchers attribute the campaign to the criminal group Scattered Lapsus$ Hunters, which claimed responsibility and sought a ransom with a Friday deadline.
• Experts say attackers used social-engineering tactics that the FBI warned last month were being deployed against Salesforce support operations, and an AFP source says data from other major brands was also taken.