Telstra Denies Scattered Spider Data Breach Claims Amid Ransom Threats

 

Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from publicly available sources rather than stolen. In a post on X (formerly Twitter), Telstra emphasized that no passwords, banking details, or sensitive identification data such as driver’s licenses or Medicare numbers were included in the dataset. 

The claims originated from a dark web post published on October 3 by a group calling itself Scattered Lapsus$ Hunters, an offshoot of Scattered Spider. The group alleged it had stolen more than 100GB of personally identifiable information, including names and physical addresses, and warned that company executives should negotiate to avoid further data exposure. The attackers claimed the alleged breach took place in July 2023 and threatened to release the data publicly if a ransom was not paid by October 13, 2025. They also asserted possession of over 16 million records contained in a file named telstra.sql, which they said was part of a larger collection of 19 million records. 

In a surprising twist, the ransom note also mentioned Salesforce, the global cloud computing company, demanding negotiations begin with its executives. Salesforce swiftly rejected the demand, issuing a statement on October 8 declaring that it “will not engage, negotiate with, or pay any extortion demand,” aligning with global cybersecurity guidelines that discourage ransom payments. 

Scattered Lapsus$ Hunters has made similar claims about breaches involving several major corporations, including Qantas, IKEA, and Google AdSense. Cybersecurity intelligence platforms like Cyble Vision have documented multiple previous instances of alleged Telstra data breaches, some dating back to 2022. In one notable case, a threat actor called UnicornLover67 claimed to possess a dataset containing over 47,000 Telstra employee records, including email addresses and hashed passwords. Telstra has previously confirmed smaller breaches linked to third-party service providers, most recently in 2022, affecting around 132,000 customers. 

However, cybersecurity analysts remain uncertain whether the current claims represent a fresh breach or a recycling of old data. Experts suggest that previously leaked or publicly available datasets may have been repurposed to appear as new evidence of compromise. This possibility aligns with Telstra’s statement that no recent intrusion has occurred. 

The investigation into the alleged breach remains ongoing as the ransom deadline approaches. While Telstra continues to assert that its systems are uncompromised, the persistence of repeated breach claims underscores the growing challenge of misinformation and data reuse in the cybercrime landscape. The Cyber Express has reached out to Telstra for further updates and will continue to monitor the situation as new details emerge.