Qantas Admits Bocor Customer Data Was Issued By Hackers Months After Cyber Attack

JAKARTA Australia's national airline Qantas Airways announced on Sunday 12 October that their customer data had been published by a hacker group, months after a major data leak in July 2025 involving millions of subscribers.

In its official statement, Qantas said that it is one of a number of companies in the world whose data was released by cybercriminals following a hacking incident that occurred in early July, in which customer data was stolen through a third-party platform.

"With the help of cybersecurity experts, we are investigating which types of data are included in the data released," Qantas said, quoted by VOI from Reuters. We have also filed a court order prohibiting anyone, including third parties, from accessing, seeing, using, publishing, or disseminating the stolen data.

In July, Qantas reported that more than one million of their customers lost sensitive data such as phone numbers, date of birth, and home addresses in one of Australia's largest data leaks in recent years. About four million other subscribers have only experienced name and email address theft.

The incident has been one of Australia's most prominent cyberattacks since major cases hit telecommunications firm Optus and health insurance company Medibank in 2022 two events which prompted the Australian government to impose stricter cyber resilience laws.

According to a Australian Guardian report, the hacker group calling themselves Scattered Lapsus$ Hunters was behind Qantas' data leak this time. The data was reportedly released after the ransom payment deadline set by the group passed. Qantas declined to comment on the report.