Qantas data leak deepens as hackers release customer records despite FBI takedown
October 13, 2025
Qantas Airways is facing deepening fallout from a major cyberattack after hackers published what they claim is the personal data of millions of customers online. The leak occurred despite the U.S. Federal Bureau of Investigation taking down some of the hacker group’s websites.
Qantas and the Australian Government refuse to pay ransom to an international hacking network
The data dump marks a new stage in the breach, which began in July when attackers compromised a third-party customer service platform used by Qantas.
The Guardian has reported that the hacker collective Scattered Lapsus$ Hunters released the Qantas data after a ransom deadline set by the group passed on Saturday. The Australian government has maintained its policy of not negotiating or paying ransoms to cybercriminals.
Qantas confirmed the data leak in a statement issued on Sunday:
“Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident in early July, where customer data was stolen via a third party platform. With the help of specialist cyber security experts, we are investigating what data was part of the release.
“Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties. We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”
The airline detailed the stolen data in the statement as follows:
- Of the 5.7 million Qantas customer records stolen in early July, the majority were limited to name, email address, and Frequent Flyer details.
- A smaller portion of the impacted customer data includes business or home addresses, dates of birth, phone numbers, genders, and meal preferences.
- No credit card details, personal financial information or passport details were impacted. There has been no impact on Qantas Frequent Flyer accounts. Passwords, PINs and login details were not accessed or compromised. The stolen data is insufficient to gain access to these frequent flyer accounts.
Hackers act despite FBI disruption
The FBI this month seized several domains linked to BreachForums, a well-known online marketplace for stolen data used by the hacker group believed to be behind the Qantas attack. The operation was part of a broader international effort targeting the same network responsible for breaches at multiple companies, including Qantas, Air France-KLM, Disney, Google, and IKEA.
According to ABC Australia, the hackers acknowledged the FBI takedown on Telegram, claiming backend servers and all database backups since 2023 had been “seized and destroyed.”
Despite that disruption, the group released Qantas customer data online after its Saturday deadline expired. Experts had predicted that the FBI’s domain seizure would have had little impact on criminal networks that operate across multiple platforms and dark-web forums.
Cybersecurity researcher Troy Hunt told ABC that the seizure was unlikely to prevent data leaks.
“They have the data, they obviously have the website. To be honest, I’ll be very surprised if we don’t see some volume of data leaked tomorrow. They definitely won’t be getting any ransom,” he said. “The reality of it is, taking down a clearweb domain is going to have no impact on criminal elements in the same way that getting an injunction will have no impact on criminal elements. Qantas should work on the assumption that it will be released and circulated broadly.”
Australia’s Transport Minister affected by Qantas data breach
ABC Australia reported that Transport Minister Catherine King confirmed on Sunday that she was among the Qantas customers whose data had been released on the dark web.
“We obviously need to constantly adapt because these people are smart, they are relentless, and they are after our data all of the time,” she said of the hackers, recommending that companies and individuals should remain vigilant.
“It is incumbent on agencies that have this data to protect it as strongly as they possibly can,” King said.
Qantas’ response to data breach and ongoing monitoring
Qantas has confirmed that it is working with Australian and international law enforcement agencies, as well as cybersecurity specialists, to mitigate the impact of the breach and to prevent a recurrence in the future.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause,” said Qantas CEO Vanessa Hudson in a statement issued in July, following the breach. “Our customers trust us with their personal information, and we take that responsibility seriously.”
The airline said it has strengthened internal security, increased staff training and continues to monitor for phishing and impersonation scams linked to the breach.
Its latest customer update warns that fraudsters may pose as Qantas representatives in follow-up messages. It reminds passengers that the airline “will never contact customers requesting passwords, booking reference details or sensitive login information.”
Qantas continues to offer a 24-hour support line for affected customers in Australia and overseas. The Office of the Australian Information Commissioner has opened a formal inquiry into the breach.
A pattern of airline cyber attacks
Cybersecurity analysts say the incident fits a growing pattern of attacks on aviation and travel companies. As AGN has previously reported, the hacker group known as Scattered Spider — also referred to as Muddled Libra — has expanded its focus to airlines, hotels and travel platforms.
These groups often rely on social engineering rather than technical exploits, manipulating employees or help-desk staff to gain access to internal systems.
“Once this group turns its focus to a new sector, follow-on attacks tend to cascade,” Sam Rubin, vice-president at Palo Alto Networks’ Unit 42, told AGN.
The FBI has also previously warned that Scattered Spider affiliates have targeted airline operations, loyalty systems and IT suppliers across multiple jurisdictions.
After the FBI took down the Qantas hackers’ BreachForums leak site, Aaron Bugal of the British cybersecurity firm Sopho, told ABC Australia, it was “just one small win in a long game.”
“These cybercriminals talk a big game,” Bugal added. “They posture, threaten, and demand ransoms. But their bravado doesn’t change the fact that global law enforcement, across agencies with three and four-letter acronyms, is watching — and closing in.”
The publication of Qantas customer data underscores the persistence and scope of the threat, as well as the growing urgency for stronger cybersecurity oversight across the airline industry.
