Recent allegations have emerged regarding a significant data breach in which a group of hackers known as “Scattered Lapsus$ Hunters” claims to have compromised the private information of 989 million individuals across 39 major companies. The hackers reportedly exploited a vulnerability within Salesforce, prompting urgent discussions among the affected firms.
Details of the Breach
The group has publicly released data from six companies, among which are well-known organizations such as:
- Qantas Airways Limited
- Vietnam Airlines
- Fujifilm
- GAP, INC.
- Albertsons Companies, Inc.
- Engie Resources
They have set a deadline, indicating that negotiations must conclude by October 10, 2025, or the stolen data would be fully disclosed.
Impacted Companies and Data Sizes
| Company | Size of Data (GB) | Records |
|---|---|---|
| Qantas Airways Limited | 153 | 5,000,000+ |
| Vietnam Airlines | 63.62 | 23,000,000+ |
| Albertsons Companies, Inc. | 2 | 672,000+ |
| GAP, INC. | 1 | 224,000+ |
| Fujifilm | 0.155 | 224,000+ |
| Engie Resources | 3 | 537,000+ |
Contents of the Leaked Data
The data leaked from these companies contains sensitive personal information, which includes:
- Full names
- Email addresses
- Phone numbers
- Date of birth
- Home addresses
- Passport numbers
- Frequent flyer numbers and associated account information
- Membership and loyalty details
Specifics from Qantas Airways
The records obtained from Qantas amounted to 153 GB and contained over 5 million entries. This data is a mixture of personally identifiable information (PII), customer loyalty details, and internal business data, raising significant security concerns.
Implications for Affected Firms
With the company confirming that data from approximately 5.7 million customers was leaked, the full impact of this breach remains to be seen. Notably, this is not the first instance of data breaches for Qantas, as a previous incident involving a third-party vendor was reported in July 2025.
Conclusion
The potential ramifications of this breach extend beyond individual privacy concerns. The exposed data could lead to identity theft and fraud, drastically affecting customer trust and the reputations of the involved companies. As questions loom over the security practices of platforms like Salesforce, organizations must reassess their data protection strategies moving forward.
