
QANTAS: Caught in Cyberhack ransom demand, again

Qantas has once again found itself in the crosshairs of cybercriminals. This time, as part of a major global extortion attempt that’s hit almost 40 major companies, including Toyota, Disney, and IKEA.
A hacker collective calling itself Scattered Lapsus$ Hunters claims to have stolen nearly one billion records by breaching the systems of global tech platform Salesforce, which handles customer data for countless corporations. The group is threatening to leak sensitive customer data. In the case of Qantas, that involves passport numbers, birth dates plus travel purchase histories. That is unless the ransom demanded is paid by Friday, October 10.

Qantas struck again
Qantas has confirmed it is aware of data samples posted online by the group and is “actively monitoring the situation with the help of specialist cybersecurity experts.”
“Ensuring continued vigilance and providing ongoing support for our customers remain our top priorities following our cyber incident in early July.
“We continue to offer a 24/7 support line and specialist identity protection advice to affected customers and through the ongoing injunction we obtained through the NSW Supreme Court we have legal protections in place to prevent the stolen data being accessed or released.”
This comes just months after the airline’s last major cyber incident, when nearly six million customer records were accessed through a third-party call centre in Manila. That breach exposed names, addresses, phone numbers, and even passengers’ meal preferences, with 2.8 million frequent flyer accounts among the compromised data. That’s out of close to 16 million frequent flyer members.
The human factor: ‘vishing’ the weak link
While Salesforce insists its own systems weren’t hacked, the cybercriminals reportedly used a tactic known as ‘vishing’. That’s short for voice phishing. That involves calling IT helpdesks pretending to be legitimate employees. They tricked staff into installing a booby-trapped version of Salesforce’s Data Loader software, which quietly opened the door to huge customer databases.
Security researchers say the Lapsus$ Hunters group has already targeted several UK retailers and has ties to a wider cybercrime network known as The Com. The name might be cartoonish, but authorities warn this is serious business.

Data on politicians, Chairman’s Lounge members, reportedly stolen
At Senate Estimates this week, Australia’s top cyber cop, Lieutenant General Michelle McGuinness, confirmed that the stolen data includes home addresses and phone numbers of high-level office holders. That’s a sensitive issue given many federal MPs are members of Qantas’s exclusive Chairman’s Lounge.
Canberra is shocked, adding a redenning layer of embarrassment for the airline. Qantas has spent much of 2025 rebuilding trust under CEO Vanessa Hudson, following its turbulent post-Joyce years.
Legal injunction — but the data may already be out there
Qantas has taken the unusual step of securing a court injunction from the NSW Supreme Court to suppress the publication of any leaked personal information. That bars even legitimate media from publication. It’s an attempt to limit the spread of stolen data online.
This legal ploy targets media and social platforms rather than the hackers themselves. The hackers are most likely to be based offshore.
The move is probably more about indicating how seriously Qantas is taking the threat.
CEO pay hit over previous breach
In September, CEO Vanessa Hudson had her annual bonus docked 15% over the earlier Qantas data breach. That cost her $250,000. Other executives also lost their incentives as part of a shared responsibility.

What Travellers can do
With hackers threatening to leak stolen data by Friday, Qantas passengers and more particularly Frequent Flyers and Chairman’s Lounge members should take extra care over the coming days.
Here’s what you should do – which is broadly good anti-cybercrime advice:
1. Change your Qantas Frequent Flyer password
Even if you weren’t directly notified of exposure, update your password and enable multi-factor authentication (MFA) where possible.
2. Ignore suspicious calls and emails
The hackers’ main tactic vishing relies on phone calls. If anyone calls claiming to be from Qantas or ‘IT support’ hang up and contact Qantas through verified channels.
3. Check your frequent flyer activity
Keep an eye out for unusual points redemptions or login activity. You can review your account history via the Qantas app or website.
4. Don’t share your membership number or status level publicly
Chairman’s Lounge, Platinum and Gold members are prime phishing targets because of their higher profile and travel spend. Don’t put images of tickets or membership cards, or screen grabs from the Qantas app online.
5. Be wary of ‘compensation’ scams
Cybercriminals may impersonate Qantas or identity protection services offering help. Always verify through official Qantas links.
6. Use the Qantas support hotline
If you think you’ve been affected, call Qantas’s 24/7 data breach helpline: 1800 971 541 (within Australia) or +61 2 8028 0534 (outside Australia).

2PAXfly Takeout
This latest breach highlights what many cybersecurity experts have been saying for years: the weakest link isn’t the technology, it’s the humans using it.
Other than the steps outlined above, there is not a lot we as members of passengers can do about this breach.
For Qantas, still mending its reputation after a series of customer-service and security stumbles, this is another unwanted headline. For passengers, it’s a timely reminder to treat every Qantas call or email with healthy scepticism.
What did you say?