Qantas among nearly 40 companies facing ransom demand from hacker group
Published on October 8, 2025
Qantas is one of almost 40 global companies that have until Friday to begin ransom negotiations with hackers who are threatening to leak up to 1bn personal data records.
The hacker collective Scattered Lapsus$ Hunters reportedly released the extortion note on a data leaks site on the dark web over the weekend, demanding payment in return for preventing the stolen data from being shared.
The hackers claimed to have stolen records from the Salesforce databases of 39 companies including Toyota, Disney, McDonald’s, Puma, Cartier, Adidas, Qantas, Air France-KLM, Google Adsense, Chanel and Ikea.
The cybercriminal group is reportedly demanding both the victim companies and Salesforce contact them by 10 October about the payment of the ransom.
“Contact us to negotiate this ransom or all your customers data will be leaked,” the note to Salesforce, as reported by Help Net Security, reads.
It is understood the data was stolen between April 2024 and September 2025 and includes personal and contact information of the companies’ customers and employees, including dates of birth, purchase histories and passport numbers.
According to Cyber Daily, the criminals also claimed to have airline customers’ frequent flyer numbers.
The hackers’ post contained samples of stolen data, including that of Qantas after a major cyber-attack in June that potentially exposed the records of up to 6 million customers.
A Qantas spokesperson said its priorities were “continued vigilance and providing ongoing support for our customers” after the June attack.
In July, Qantas obtained an ongoing injunction from the NSW supreme court ensuring protections to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties.
“We continue to offer a 24/7 support line and specialist identity protection advice to affected customers,” the spokesperson said.
A Salesforce spokesperson told Guardian Australia the company “will not engage, negotiate with, or pay any extortion demand”.
There was no indication the Salesforce platform had been compromised, the company said via a statement.
“We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support,” it said.
Aiden Sinnott, a security researcher with Sophos cybersecurity’s counter-threat unit, said Scattered Lapsus$ Hunters had a history of large data leaks.
“A lot of what they post is intentional misinformation, mischief and trolling so it is hard to predict what will happen on the 10th. They aren’t averse to leaking huge amounts of data so if they do have Qantas data I wouldn’t be surprised if they leaked it,” he said in a statement.
According to analysis by the Google Threat Intelligence Group, the hacker collective is a “financially motivated threat cluster” that specialises in voice phishing campaigns manipulating end users.
“This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials,” Google stated.