Australia’s flagship carrier, Qantas Airways, has confirmed that customer data stolen in a July cyberattack has been published online by cybercriminals, making it one of the most significant data breaches in the country’s recent history. The airline had earlier revealed that the hack exposed sensitive details—such as phone numbers, birth dates, and home addresses—of more than one million customers, while another four million had their names and email addresses compromised.
In a statement on Sunday, Qantas said it was “one of several companies globally” whose stolen data was released following the July breach, which occurred via a third-party platform. The airline disclosed that it is working with cybersecurity experts to determine the extent of the data exposure and assess what information was part of the leak.
Qantas added that it had secured an injunction to prevent the stolen data from being “accessed, viewed, released, used, transmitted or published” by any individual or organization, including third parties. The company reiterated its commitment to safeguarding customer information as investigations continue.
According to reports by Guardian Australia, the hacker collective known as Scattered Lapsus$ Hunters claimed responsibility for the data release, which followed the expiration of a ransom deadline. Qantas declined to comment on the group’s claims but reaffirmed that it was taking all necessary steps to contain the fallout of the breach.