Data leak

Qantas Salesforce Breach via ShinyHunters Vishing - 5.7M Customers

📅 2025-07-01 🏢 Salesforce CRM; Salesforce Data Loader (malicious OAuth app abuse)

Incident Details

In July 2025, Qantas Airways (Australia's flag carrier) suffered a Salesforce data breach attributed to ShinyHunters/Scattered Lapsus$ Hunters via a vishing campaign. Approximately 5.7 million customer records were exfiltrated. Exposed data included customer names, email addresses, phone numbers, frequent flyer program details, and for a subset: home/business addresses, dates of birth, gender preferences, and meal selections. Credit card details, financial information, and passport data were not compromised. This attack is part of a broader ShinyHunters Salesforce vishing campaign that started around June 2025 and affected at least 91 organizations worldwide, including Allianz Life, LVMH, Adidas, Cartier, Air France-KLM, Cisco, and others (see 2025-07_allianz-life-shiny-hunters.yaml).

Technical Details

Initial Attack Vector
ShinyHunters (Scattered Lapsus$ Hunters) used vishing (voice phishing) to impersonate IT support staff, tricking employees into visiting Salesforce's connected app setup page and entering a 'connection code' that linked a malicious OAuth app (a malicious Salesforce Data Loader) to the employee's Salesforce environment.
Vendor / Product
Salesforce CRM; Salesforce Data Loader (malicious OAuth app abuse)

Timeline

  1. 2025-07-01 Breach occurred
  2. 2025-08-01 Publicly disclosed
  3. 2025-08-01 Customers notified