ShinyHunters Salesforce extortion wave with Qantas disclosure

Qantas disclosed that attackers broke into a third-party platform used by one customer service contact center on June 30, 2025, and accessed systems containing customer PII before the breach was contained. The incident fits the wider 2025 **ShinyHunters**/**UNC6040** extortion wave that has used **Salesforce** as an entry point against multiple companies. Qantas says about **5.7 million** passengers were affected, with exposed records including names, email addresses, and frequent flyer numbers for most impacted customers and some records also containing addresses, dates of birth, and phone numbers. The airline says no payment card numbers, financial information, passport numbers, or Qantas account credentials were impacted, and it reduced executive short-term compensation by **15%**, including a **$250,000** cut for CEO **Vanessa Hudson**, after the customer impact became clear. Qantas says it took immediate action to contain the breach, added further customer protections, and warned customers about scam and phishing activity impersonating Qantas personnel.