WestJet and Qantas Bleed Data: Passports, IDs, and Salesforce Linked in Massive Cyber Heist
WestJet confirmed a June cyberattack exposed 1.2 million customer records, including passports and IDs. Qantas reported a separate breach impacting 5.7 million customers through a third-party Salesforce-linked system.
Commenters noted the pattern: Qantas used a platform breached by cybercriminals linked to Scattered Lapsus$ Hunters, utilizing social engineering tactics that the FBI had already warned about regarding fake IT worker impersonations. One user, 'Unit 42,' escalated the situation by claiming responsibility for the Qantas leak, demanding a ransom by October 10.
The sheer scale of data loss—names, emails, phone numbers, and government IDs—is the inescapable takeaway. Multiple major carriers showing repeated vulnerabilities on third-party platforms signals a systemic failure in corporate data protection across the travel industry.
Key Points
#1WestJet compromised customer data, including passport information.
lemmydev2 stated WestJet's June attack compromised 1.2 million records, specifically naming passports and IDs.
#2Qantas suffered a major leak involving millions of profiles.
xiao reported Qantas’s breach affected 5.7 million customers, pointing to a third-party system.
#3The attack vector utilized social engineering techniques.
xiao linked the Qantas hack to cybercriminals using social engineering, mirroring prior FBI warnings.
#4A specific group claimed responsibility for the Qantas breach.
Unit 42 asserted responsibility for the Qantas data leak, setting a ransom deadline.
#5The compromised data scope is extensive.
Multiple sources confirmed the theft of names, emails, and phone numbers, highlighting broad personal exposure.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.