QANTAS Cyber Incident

dairyfloss · 2025-07-02T10:34:09+1000

sudoer said:
My guess is it's their CRM. Anyone know what they use? Salesforce?

6 million is an unusual number of customer records - it's less than the total number of QFFs but undoubtedly more than other QFF adjacent programs like QBR, Qantas Wine, Qantas Shopping, etc.

They say no passport details stolen - but if it is their CRM, passport details may be at risk if customers' future PNR details were taken and those PNRs contain APIS data.

Yes - Salesforce; or at least it's certainly been a part of their customer service incident ticketing

iflyineconomy · 2025-07-02T10:35:29+1000

Flyerwin said:
They can now deepfake video and audio, so that's not an impossibility...

Going to be more and more common with these types of tech getting better.

Good for executive travel though, can't beat a handshake with a real person

AFF Editor · 2025-07-02T10:39:29+1000

sudoer said:
Could you ask if any PNR details were exposed?

Our understanding at this point is that bookings are not impacted.

Haplo · 2025-07-02T10:42:23+1000

I am pretty sure my call got answered by the Manila call centre when I was asking for a manual search of China Eastern and Emirate awards last month.

I am with Optus so my data is probably out there in the wild anyway.

CaptJCool · 2025-07-02T10:43:05+1000

ab156 said:
So, within 36 hours the team identified "additional security measures" and were able to "strengthen system monitoring and detection.".

That is incredible work and the truth that the requirement for this investment in technology was previously not known, identified or discussed will be simple to justify when the representative proceeding commences.

This tells you so much

Like why was this NOT done several years ago. Seems a lot of “doubting Thomas’” won the day until the actual event happened and then reactively they “spring into action” looking like Saviours when they’re really just been intellectually lazy

Aeryn · 2025-07-02T10:49:51+1000

Im positive Ive spoken with Manilla when chasing missing points and also when irrops have required changes to an existing booking. Unfortunately WP doesn't guarantee you Tas/NZ where staff are competent.

One can only hope that since QBR is also in Manilla that maybe limited to to QBR and then my data would be safe.

With the data leaked I dont think they can guarantee that bookings will remain unaffected as if they spoof the mobile number they have all the information needed to request a PIN reset. Not happy.

kamchatsky · 2025-07-02T10:50:14+1000

CaptJCool said:
This tells you so much

Like why was this NOT done several years ago. Seems a lot of “doubting Thomas’” won the day until the actual event happened and then reactively they “spring into action” looking like Saviours when they’re really just been intellectually lazy

"Strengthen system monitoring and detection" is most likely sends the system feed to another instance of SIEM somewhere else ...... But then no one actually monitors the SIEM anyway.

sudoer · 2025-07-02T10:51:47+1000

opusman said:
If your PIN is your birth date, change it now!

Or postcode.

Seat0B · 2025-07-02T10:53:36+1000

AFF Editor said:
We've been in touch with Qantas about this incident. You can read a summary of what we know so far here:

Qantas Cyber Attack: What You Need to Know

Around six million Qantas customers have been impacted by a cyber incident, where a criminal stole personal information including frequent flyer numbers and contact details.

www.australianfrequentflyer.com.au

Quick work @AFF Editor. Thank you

SeatBackForward · 2025-07-02T11:02:33+1000

From the page they put up about it:

Qantas has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Given the criminal nature of this incident, the Australian Federal Police has also been notified. We will continue to support these agencies as the investigation continues.

Fat lot of good any of the above will do when you've outsourced to the cheapest bidder offshore who's targeted by criminals from anywhere in the world...

The exec's who were part of the offshoring craze in the past decades should be brought back and held responsible for these, and all the hefty bonuses they received when they saved so much money for these companies should be used as part of the victim compensation payouts.

rigram · 2025-07-02T11:05:57+1000

I'm changing my email address associated with QF account - that's any easy action my end

Pushka · 2025-07-02T11:12:14+1000

Given we rarely get the Hobart call centre even on premium lines but are shunted around the world to a call centre, it's a bit of an understatement to say only those who've interacted with the Manila call centre are impacted. Which really narrows it down - not one jot.

SeatBackForward · 2025-07-02T11:13:44+1000

Pushka said:
it's a bit of an understatement to say only those who've interacted with the Manila call centre are impacted. Which really narrows it down - not one jot.

And anyone who's ever sent a FF related email - which seems to be any purchase I make after clicking on their shopping site..

Pushka · 2025-07-02T11:13:59+1000

opusman said:
If your PIN is your birth date, change it now!

Qantas doesn't allow that. Edited to clarify . Year of birth anyway. Didn't ry the month.

ab156 · 2025-07-02T11:15:50+1000

CaptJCool said:
This tells you so much

Like why was this NOT done several years ago. Seems a lot of “doubting Thomas’” won the day until the actual event happened and then reactively they “spring into action” looking like Saviours when they’re really just been intellectually lazy

Risk management in the investment committee is remarkably straightforward—just ignore it or bump it down the priority list. After all, what’s the worst that could happen? A sternly worded letter from the OAIC and a mildly uncomfortable public apology? Hardly worth losing sleep over when there are financial targets to hit and bonuses on the line.

Until Boards and Executives start facing personal financial consequences—actual, tangible punitive damages, performative risk management will remain BAU.

SeatBackForward · 2025-07-02T11:18:13+1000

ab156 said:
Until Boards and Executives start facing personal financial consequences—actual, tangible punitive damages, performative risk management will remain BAU.

And any fines/penalties borne by the company are just the cost of doing business to earn those rewards.

Aeryn · 2025-07-02T11:41:24+1000

Pushka said:
Qantas doesn't allow that.

They certainly have in the past, last year I found out my elderly dad had his pin as DDMM of his birthday and forced him to change it to something not obvious.

Flyerwin · 2025-07-02T11:45:02+1000

Haplo said:
I am with Optus so my data is probably out there in the wild anyway.

I had the trifecta of Lattitude, Medibank and Optus, so adding to Qantas to the list doesn't really add much more to the risks lol.

What a world we live in...

Sprucegoose · 2025-07-02T11:49:37+1000

If the hackers can help me with my DONE4, I would be genuinely appreciative......

kookaburra75 · 2025-07-02T11:51:19+1000

Flyerwin said:
I had the trifecta of Lattitude, Medibank and Optus, so adding to Qantas to the list doesn't really add much more to the risks lol.
What a world we live in...

This is a good place to check, to see how you have fared in terms of your email address being out in the wild Have I Been Pwned: Check if your email address has been exposed in a data breach

QANTAS Cyber Incident

Established Member

Junior Member

Established Member

Member

Established Member

Member

Established Member

Senior Member

Established Member

Senior Member

Member

Veteran Member

Senior Member

Veteran Member

Intern

Senior Member

Member

Member

Senior Member

Established Member

Become an AFF member!

AFF forum abbreviations