Qantas aircraft are seen on the tarmac at Melbourne International Airport in Melbourne
Qantas confirmed data from 5.7 million customers was leaked online following a cyberattack on Salesforce Reuters

KEY POINTS

  • The breach exposed personal details such as names, emails, phone numbers and dates of birth of customers.
  • Qantas stressed that flight operations and booking systems were not affected.
  • Salesforce confirmed it was 'aware of recent extortion attempts' after hackers targeted multiple global firms including Disney, Google, IKEA, Toyota and McDonald's.

Australian airline Qantas has confirmed that data from 5.7 million of its customers was published online following a major cyberattack that also affected dozens of multinational companies, including Disney, Google, IKEA, Toyota, and McDonald's.

The breach, first reported in July, has now been linked to a widespread cyberattack targeting Salesforce, the US-based software giant whose systems are used by some of the world's largest firms for customer management and analytics.

Qantas said over the weekend that hackers had gained access to one of its third-party customer contact systems, allowing them to steal personal details such as names, phone numbers, email addresses, dates of birth and frequent flyer details.

'Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline's cyber incident in early July, where customer data was stolen via a third-party platform,' the company said in a statement on Sunday.

The airline added that it was working with cybersecurity experts and Australian authorities to determine the scope of the leak.

'With the help of specialist cyber security experts, we are investigating what data was part of the release,' Qantas said. 'No further breaches have taken place since, and we continue to cooperate fully with the Australian Cyber Security Centre.'

Part of a Global Breach

The incident is part of a larger, ongoing cyberattack against Salesforce that has compromised the systems of several global corporations.

According to reports in Australian and US media, hackers are now attempting to ransom the stolen data, with portions of the information already being shared on the dark web.

Salesforce confirmed earlier this month that it was 'aware of recent extortion attempts by threat actors' following the breach. The company has not yet provided a full list of affected clients but acknowledged that the attack impacted multiple organisations across sectors including aviation, retail, and technology.

Cybersecurity analysts said the breach is significant because of Salesforce's deep integration into the global corporate infrastructure. Many companies rely on its cloud-based services to handle customer interactions and store sensitive personal data.

'The ripple effects of a Salesforce breach are immense because its software acts as a central data repository for hundreds of major enterprises,' said Marcus Hanley, a Sydney-based cybersecurity consultant. 'When one system gets compromised, the attackers gain access to customer details from multiple companies simultaneously.'

Qantas Says Financial Data Safe

Qantas emphasised that no financial details, passport information, or travel history were stored in the compromised system. The company reassured passengers that flight operations and core booking systems remained unaffected.

'Credit card details and passport numbers were not kept in the system,' the airline said, noting that the breach had been confined to data managed by a third-party provider.

In July, Qantas first disclosed that a cyber incident had targeted its customer service platform, later identified as Salesforce. At the time, it said it was conducting a review of its vendor relationships and strengthening data protection measures across its digital infrastructure.

The Australian flag carrier has faced scrutiny in recent years over its customer experience and operational reliability, and this latest breach adds to mounting pressure on the company to restore public confidence.

Wider Fallout for the Corporate Sector

The Qantas leak is one of several high-profile data breaches to hit major corporations this year, underscoring growing vulnerabilities across the tech supply chain.

The Salesforce hack, in particular, highlights how third-party software providers have become prime targets for cybercriminals. By exploiting weaknesses in shared systems, hackers can effectively bypass the defences of multiple clients at once.

'This is yet another reminder that companies are only as secure as their weakest vendor,' said Hanley. 'Even firms with strong in-house security measures can find themselves exposed through third-party dependencies.'

Australian officials have warned that ransomware and data-extortion attacks are becoming increasingly sophisticated. The government has launched a National Cyber Security Coordinator to respond more effectively to major breaches and improve coordination between public and private sectors.

Next Steps for Qantas

Qantas said it has begun notifying affected customers and will provide identity protection support where necessary. The airline reiterated that no further incidents have occurred since July.

'We deeply regret any concern caused by this cyber incident,' the company said. 'Our priority remains the security and privacy of our customers.'

As of Sunday, no ransom payments have been reported, and the extent of the leaked data is still being verified. Cybersecurity experts, however, warn that the release of customer information online could lead to a rise in phishing scams and identity theft targeting Qantas passengers in the weeks ahead.

The Salesforce breach marks one of the largest global data exposures of 2025 so far, affecting companies across multiple industries — and raising renewed questions about how well corporate data is protected in an increasingly connected world.

Writer's pick