Massive Cyber Breach Hits Qantas and Global Giants Through Salesforce Hack
In one of the most far-reaching cyberattacks of the year, Australian airline Qantas has confirmed that the personal data of 5.7 million customers has been leaked online following a major breach of the software company Salesforce. The cyberattack has also affected global brands including Google, Disney, IKEA, Air France, KLM, Toyota, and McDonald’s, exposing sensitive customer data and triggering international investigations.
Salesforce, a leading customer relationship management (CRM) platform used by thousands of major corporations, admitted earlier this month that it was “aware of recent extortion attempts by threat actors.” Analysts say the hackers behind the breach are now holding stolen data for ransom, impacting dozens of firms worldwide.
Qantas Confirms Data of Millions Exposed
Qantas revealed that the data leak originated from a July cyber incident, when hackers targeted one of its customer contact centers that used Salesforce systems. The attackers gained access to sensitive customer information, including names, email addresses, phone numbers, dates of birth, and travel preferences.
While Qantas reassured customers that no credit card details, passport numbers, or financial information were compromised, the leak still raises major privacy concerns.
In a statement on Sunday, the airline said:
“Qantas is one of a number of companies globally that has had data released by cybercriminals following the airline’s cyber incident in early July, where customer data was stolen via a third-party platform.”
The company emphasized that there have been no further breaches since the July incident and that it is cooperating closely with Australian cybersecurity agencies to contain the fallout.
Legal Measures and Limited Protection
To curb the spread of leaked data, Qantas obtained a legal injunction from the Supreme Court of New South Wales, preventing the stolen information from being “accessed, viewed, released, used, transmitted, or published.”
However, cybersecurity experts warn that such measures have limited practical impact once the data is already circulating online.
Cybersecurity analyst Troy Hunt criticized the move, calling it “symbolic rather than effective.”
“It’s frankly ridiculous,” Hunt told AFP. “It doesn’t stop criminals anywhere and really doesn’t have any effect outside of Australia.”
Experts say the injunction might slow the public distribution of the data within Australia, but it does little to prevent international sharing or sale of the stolen information on the dark web.
Google, Disney, IKEA and Others Also Affected
The cyberattack wasn’t limited to Qantas. Tech giant Google confirmed that one of its Salesforce servers was also targeted, though it did not specify whether any user data was leaked.
In a statement, Melanie Lombardi, head of Google Cloud Security Communications, said:
“Google responded to the activity, performed an impact analysis, and has completed email notifications to the potentially affected businesses.”
Meanwhile, other global firms — including Disney, IKEA, Toyota, Air France, KLM, and McDonald’s — were reportedly among the dozens of companies compromised in the same attack. The breach is believed to have exposed corporate and customer data, which hackers are now holding for ransom.
Hackers Linked to Notorious Cybercrime Group
Cybersecurity analysts have linked the Salesforce breach to a criminal alliance known as the Scattered Lapsus$ Hunters — a network infamous for its attacks on major technology companies.
According to research group Unit 42, the group has claimed responsibility for “laying siege to customer Salesforce tenants” as part of a coordinated campaign to steal sensitive data and extort victims.
Reports suggest the hackers set an October 10 ransom deadline, threatening to release all stolen data if payments were not made.
The FBI has also issued a public warning about similar attacks targeting Salesforce users, citing a rise in social engineering tactics where hackers impersonate IT workers or customer service representatives to gain unauthorized access.
Social Engineering: The ‘Oldest Trick in the Book’
Unlike traditional cyberattacks that exploit software vulnerabilities, this hack relied on human manipulation. Cybercriminals reportedly tricked employees into handing over login credentials or multi-factor authentication codes by pretending to be legitimate company representatives.
“It hasn’t been using any sophisticated technical exploits,” said Troy Hunt. “They’ve exploited really the oldest tricks in the book — human trust.”
This method of deception, known as social engineering, has become increasingly common in recent years. Even highly secure systems can be compromised when employees are deceived into unknowingly granting access to hackers.
A Pattern of Cyberattacks in Australia
This latest breach adds to a growing list of major cyber incidents in Australia, raising serious questions about data security across industries.
In 2023, DP World, one of the country’s biggest port operators, was hit by a cyberattack that disrupted nearly 40% of Australia’s freight trade for several days.
Qantas itself also suffered a separate incident last year, when a mobile app glitch accidentally revealed the names and travel details of other passengers.
These repeated breaches have prompted the Australian government to call for stronger cybersecurity laws, more transparency from corporations, and mandatory reporting of all large-scale data leaks.
Salesforce Under Scrutiny
Salesforce, headquartered in San Francisco, has been the backbone of data management for thousands of global corporations, including airlines, retailers, and government agencies.
The recent breach has placed the company under intense scrutiny, as it works to determine how hackers gained access and why so many clients were affected simultaneously.
In an earlier statement, Salesforce confirmed it was “working closely with law enforcement and cybersecurity experts” to investigate the incident, adding that it had taken steps to improve internal security protocols and notify affected clients.
However, experts say the attack highlights the risks of centralized data systems — when one platform serves as a gateway for hundreds of organizations, a single breach can trigger a domino effect with global consequences.
Global Implications and Ongoing Fallout
The Salesforce breach has underscored how interconnected the world’s data systems have become — and how a single vulnerability can ripple across industries and borders.
For millions of Qantas customers, the exposure of personal data is a chilling reminder of the fragility of online privacy. And for corporations worldwide, the incident serves as a wake-up call to strengthen employee training, enhance system security, and reduce dependence on third-party platforms.
As cybersecurity agencies continue to track the hackers responsible, the true scale of the damage — and the cost to global businesses — is still being assessed. But one thing is clear: the Salesforce hack will be remembered as one of the most widespread data breaches in recent years, affecting some of the world’s most trusted brands.