Campaign
ShinyHunters Salesforce extortion wave with Qantas disclosure
Updated 15.01.2026 23:38
Case score 58
Score breakdown
- Total: 58
- Lead score: 58
- Support bonus: +0 / 20
- Scoring support: 0
- Context members: 0
Top contributors
- Campaign (base): Lead campaign event with a disclosed Qantas breach, passenger PII exposure, and explicit UNC6040/ShinyHunters context.
Members 1
Latest activity 15.01.2026 23:38
First seen 15.01.2026 17:45
Last seen 15.01.2026 17:45
Overview
ShinyHunters' 2025 **Salesforce** extortion activity includes a **Qantas** breach disclosed after attackers entered a third-party platform used by one customer service contact center on June 30, 2025. Qantas says the intruders reached systems holding customer PII before containment, and the incident sits inside a broader **UNC6040** pattern that has targeted multiple global companies through **Salesforce** entry points.
Qantas says about **5.7 million** passengers were affected, with names, email addresses, frequent flyer numbers, and some contact details exposed. It says no payment card numbers, financial information, passport numbers, or account credentials were compromised, and it warned customers about impersonation scams while taking additional protective steps.
Qantas disclosed that attackers broke into a third-party platform used by one customer service contact center on June 30, 2025, and accessed systems containing customer PII before the breach was contained. The incident fits the wider 2025 **ShinyHunters**/**UNC6040** extortion wave that has used **Salesforce** as an entry point against multiple companies.
Qantas says about **5.7 million** passengers were affected, with exposed records including names, email addresses, and frequent flyer numbers for most impacted customers and some records also containing addresses, dates of birth, and phone numbers. The airline says no payment card numbers, financial information, passport numbers, or Qantas account credentials were impacted, and it reduced executive short-term compensation by **15%**, including a **$250,000** cut for CEO **Vanessa Hudson**, after the customer impact became clear.
Qantas says it took immediate action to contain the breach, added further customer protections, and warned customers about scam and phishing activity impersonating Qantas personnel.