(MENAFN) Qantas Airways has confirmed that sensitive personal data belonging to 5.7 million of its customers has been exposed, following a major cyber attack that occurred in late June. The breach is linked to a global hacking campaign targeting users of Salesforce, the airline said in a statement on Sunday.

The compromised data—originally accessed through a third-party system used by an offshore Qantas call center—included customer names, phone numbers, email addresses, birth dates, and frequent flyer account numbers. The airline had initially disclosed the breach in early July but now confirms the stolen information has been published online.

Qantas is one of 39 organizations identified as victims of the cybercriminal group, which exploited vulnerabilities between April 2024 and September 2025 in Salesforce-related platforms. The group had issued an ultimatum demanding a ransom from Salesforce, threatening to release the stolen data if payment was not made by Saturday’s deadline.

In its Sunday statement, Qantas stressed it had already informed affected customers about what types of data were involved. The airline also obtained an injunction to restrict any access, sharing, or publication of the leaked data.

"We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred," the airline said.

Qantas reiterated its cooperation with the Australian government and law enforcement as investigations and mitigation efforts continue.

MENAFN12102025000045017169ID1110184805