Threat actors behind the attack on Australia's Qantas Airways have leaked customer data on the dark web.
On Sunday, Qantas admitted that it was “one of a number of companies globally that has had data released by cybercriminals following the airline’s cyber incident in early July, where customer data was stolen via a third-party platform.”
Almost six million Qantas customer details were stolen in a security breach, including customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers – in what is considered one of Australia’s most high-profile cyberattacks.
Hackers have also obtained data from other companies using Salesforce-connected systems like Disney, Google, IKEA, Toyota, McDonald's, and airlines Air France and KLM.
However, the company assured that customer financial information was not impacted.
"Passwords, PINs, and login details were not accessed or compromised," Qantas said in a statement.
"Qantas confirms that no identity documents, credit card numbers, or personal financial details were accessed or compromised as a result of the incident."
Still, threat actors could use the data to orchestrate phishing or social engineering attacks and target Qantas customers directly.
The company said it is working with cybersecurity experts to understand what exact data was released, adding that it has an ongoing injunction from the NSW Supreme Court in place to prevent the stolen data from being accessed, viewed, or published. In practice, the order prevents third parties from interacting with data if it is released by attackers.
Hacker collective Scattered Lapsus$ Hunters had reportedly threatened to publish the information from over 40 firms linked to Salesforce unless its ransom demands are met. The deadline was set for 3 p.m. AEDT on Saturday.
In response to ransom demands, Qantas has filed a lawsuit against “persons unknown.” The so-called “persons” include everyone who had participated in the stealing of data, communicating ransom demands to Qantas, or releasing the data online.
Salesforce also said on Saturday that it would "not engage, negotiate with, or pay any extortion demand".
According to The Guardian, the hacker collective marked the data as “leaked” on Saturday, writing: “Don’t be the next headline, should have paid the ransom.”
Australian online security expert Troy Hunt from Have I Been Pwned confirmed that Qantas customer data had been leaked on the dark web. He added that it appears that hackers had only released details from six companies at this point.
Your email address will not be published. Required fields are markedmarked