- A major cyberattack affects global companies through Salesforce.
- Sensitive customer details exposed, no financial data.
- Global technology and airline giants attacked in violation.
SYDNEY: Australian airline Qantas said on Sunday that data from 5.7 million customers stolen in a major cyberattack this year had been shared online, part of a breach affecting dozens of companies.
Disney, Google, IKEA, Toyota, McDonald's and airlines Air France and KLM are also reported to have had their data stolen in a cyberattack targeting software company Salesforce, and a ransom is now being demanded for the information.
Salesforce said this month that it was “aware of recent extortion attempts by threat actors.”
Qantas confirmed in July that hackers had attacked one of its customer service centres, breaching a computer system used by a third party now known to be Salesforce.
They gained access to sensitive information such as customer names, email addresses, phone numbers and birthdays, the major Australian company said.
There have been no further breaches since then and the company is cooperating with Australian security services.
“Qantas is one of several companies globally that have had data released to them by cybercriminals following the airline's cyber incident in early July, where customer data was stolen through a third-party platform,” the company said in a statement.
Most of the leaked data was names, email addresses and details of frequent travelers, the company said.
But some of the data included customers' “business or home address, date of birth, phone number, gender and food preferences.”
“No credit card details, personal financial information or passport details were affected,” Qantas said.
It also said it had obtained an injunction from the Supreme Court of New South Wales, where the company is based, to prevent the stolen data from being “accessed, viewed, released, used, transmitted or published”.
Cybersecurity expert Troy Hunt said AFP which would do little to prevent the spread of the data.
“It's frankly ridiculous,” he said.
“Obviously it doesn't stop criminals anywhere, and it doesn't have any effect on people outside of Australia either.”
In response to questions about the leak, tech giant Google said AFP to an August statement saying that one of its corporate Salesforce servers had been attacked. He did not confirm whether the data had been leaked.
“Google responded to the activity, conducted an impact analysis, and completed email notifications to potentially affected companies,” said Melanie Lombardi, director of Google Cloud Security Communications.
Cybersecurity analysts have linked the attack to people with ties to a cybercriminal alliance called Scattered Lapsus$ Hunters.
Research group Unit 42 said in a note that the group had “taken responsibility for sieging Salesforce customers' tenants as part of a coordinated effort to steal data and hold it for ransom.”
The hackers had reportedly set a deadline of October 10 for ransom payment.
'The oldest tricks in the book'
The hackers stole the sensitive data using a social engineering technique, referring to a tactic of manipulating victims by posing as a company representative or another trusted person, experts said.
Last month, the FBI issued a warning about such attacks targeting Salesforce.
The agency said hackers posing as IT workers had tricked customer service employees into granting them access to sensitive data.
“They have been very effective,” said expert Hunt.
“And they haven't used any fancy technical feats…they've really exploited the oldest tricks in the books.”
The data hack of Australia's largest airline comes as a series of major cyber attacks in the country have raised concerns about the protection of personal data.
Qantas apologized last year after an issue with its mobile app exposed some passengers' names and trip details.
And major ports handling 40% of Australia's cargo trade came to a standstill in 2023 after hackers infiltrated the computers of operator DP World.
