Hackers leaked personal data of 5.7 million Australians on the dark web after not receiving a ransom, and now they’re threatening to target Australia more until it changes its laws.
Nearly 40 global companies, including Qantas, were attacked by the hacker group Scattered Lapsus$ Hunters, which is active in the US, the UK and Australia. In total, hackers acquired approximately one billion personal records.
The data was stolen from cloud service Salesforce in July, affecting McDonald’s, IKEA, Toyota, Disney and others. Stolen Qantas data includes emails, phone numbers, dates of birth and frequent flyer details, but Qantas said no card details were impacted.
“Don’t be the next headline, should have paid the ransom,” hackers wrote on Saturday, marking the data as “leaked”.
In their Telegram, they addressed the Australian government.
“Change your laws, change your policies, change something, we will endlessly attack you till you eventually rewrite your own rules,” they wrote.
Australia stays firm on refusing to pay ransoms to cyber criminals. Transport Minister Catherine King said she was one of those whose data was published on the dark web. But she doesn’t think that “Australia needs to change its ways”. But it should constantly adapt because “these people are smart” and are always after our data.
“It is incumbent on agencies that have this data to protect it as strongly as they possibly can,” she said.
Jeremy Kirk, analyst at cybersecurity company Intel 471, told the Guardian that hackers can use data to open new credit cards and advised Australians to beware of personalised scam emails.
“These days, a lot of threat groups are now generating personalised phishing emails,” he said. “They’re getting better and better at this – and these types of breaches help sort of fuel that economy, that underground fraudster economy.”
Photo: Qantas Headquarters by MDRX found HERE and used under a Creative Commons Attribution-Share Alike 4.0 International license. The image has not been modified.
